
[A] Warning: possible TDL3 rootkit infection !

Discussion in 'Virus and Malware Removal' started by Reginald Hirsch, Aug 18, 2012.

  1. Broni Malware Annihilator Posts: 39,375   +177

    Looks good :)

    Any current issues?

    Please don't change your post's font because it's harder to read.

    =================================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ============================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  2. Reginald Hirsch Newcomer, in training Posts: 30

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.19.01

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Reginald :: REGINALD-PC [administrator]

    Protection: Disabled

    8/18/2012 11:32:25 PM
    mbam-log-2012-08-18 (23-32-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 241792
    Time elapsed: 15 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. Reginald Hirsch Newcomer, in training Posts: 30

    Every time I try and upload the extras.txt and the otl.txt file it won't save.
    Here is my attempt with extras.txt:
    OTL Extras logfile created on: 8/18/2012 11:50:13 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Reginald\Desktop\Tech
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.31% Memory free
    5.99 Gb Paging File | 2.97 Gb Available in Paging File | 49.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.04 Gb Total Space | 85.45 Gb Free Space | 30.19% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 10.94 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
    Drive E: | 375.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 468.19 Mb Total Space | 451.19 Mb Free Space | 96.37% Space Free | Partition Type: FAT
    Drive K: | 74.52 Gb Total Space | 32.02 Gb Free Space | 42.97% Space Free | Partition Type: NTFS

    Computer Name: REGINALD-PC | User Name: Reginald | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Key error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{05515B24-EE02-422F-BE48-07496B1D6615}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9E1A23C6-C5DD-412E-AF38-5661E096BA9F}" = lport=5353 | protocol=17 | dir=in | name=bonjour |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BED88789-1DDC-409E-ABA4-8C58366C11A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{395ED008-86FE-4B1D-94E2-0215C02B99B1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{65EFC9AF-7FD1-478A-A836-708FB79D4577}" = dir=in | app=c:\program files\airport\apagent.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6EAB84B0-599F-4687-A098-4A8DFD0A14E3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{72247DBA-507C-447A-A540-C834D3A67F45}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A9747A1A-C901-485B-B24D-5F38591BD9A9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{16BB53E0-2CF3-49F9-9A46-835E253BD868}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{1B7C658A-5BC5-4CCA-BFDA-A08D5FDF8597}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
    "TCP Query User{2DD15C1F-443A-4A2E-B403-D670309C0FEB}C:\program files\weprint\weprint server.exe" = protocol=6 | dir=in | app=c:\program files\weprint\weprint server.exe |
    "TCP Query User{AA726E93-1869-4477-8C7B-80802953B0DF}C:\program files\airvideoserver\airvideoserver.exe" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
    "TCP Query User{B3A9A1FC-EF63-4873-890A-D135E8C1A33F}C:\program files\weprint\weprint server.exe" = protocol=6 | dir=in | app=c:\program files\weprint\weprint server.exe |
    "TCP Query User{BD4FC17D-1BA0-404C-8733-85722EAEB974}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{ED853B16-6ECD-43AB-8278-6F8B467C7C29}C:\program files\airvideoserver\airvideoserver.exe" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
    "UDP Query User{482DD29E-CD28-4301-B8F9-542D861CED73}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{AA2B871D-7C55-4A6C-A4BD-C1FB50E24EF1}C:\program files\airvideoserver\airvideoserver.exe" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
    "UDP Query User{BAB0A388-C74A-4CAD-9077-15E8F79F565F}C:\program files\airvideoserver\airvideoserver.exe" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
    "UDP Query User{BB272032-5C38-4FE0-9A16-3A6BA2E17755}C:\program files\weprint\weprint server.exe" = protocol=17 | dir=in | app=c:\program files\weprint\weprint server.exe |
    "UDP Query User{D00D5BFF-8220-4E5A-BF46-15B06ED24EAD}C:\program files\weprint\weprint server.exe" = protocol=17 | dir=in | app=c:\program files\weprint\weprint server.exe |
    "UDP Query User{EA2B715C-A7F6-4404-B435-05C9BBE8AFC7}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{FE6EB834-4072-4703-ACF8-7D69EC77B8CB}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{13BBBB38-22D8-4BF1-80CA-7D54152C2980}" = WebSlingPlayer ActiveX
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{183E58A5-A6F5-4FDD-8B37-5F483B6CCDDC}" = NETGEAR XE104 Powerline Encryption Utility
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1A22A15D-E88A-427A-90E2-137245143239}" = Garmin Lifetime Updater
    "{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
    "{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17
    "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
    "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
    "{3DB2107E-82FE-3167-6E71-B9D44EA4FD26}" = AMD Drag and Drop Transcoding
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
    "{59D007A3-05CD-4D7C-A660-FE2450BE4BDE}_is1" = Sanmaxi Outlook Password Recovery Trial Version 5.0.1
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{665C721C-49A3-49E9-AED0-EBEDC1327D57}" = Setup Wizard
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6E2DDDB8-1E70-4219-994B-5B9761F964FF}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{73F01EB9-1682-4678-B856-F672D09F1E32}" = Garmin Lifetime Updater
    "{76109814-439E-46A1-8BD3-A3D5DEEF1FD6}" = NETGEAR XE102 Powerline Encryption Utility
    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{782A8AEE-0722-4E08-BB72-34C218CF166B}" = Uniblue PowerSuite 2009
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
    "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{807CF799-E1B8-464D-8F6A-C01655332EFD}" = Microsoft Security Compliance Manager 1.0
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{83E3E4FD-1C5F-BB72-1118-799EC15CB30B}" = ATI Catalyst Install Manager
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84513125-0BC7-46F8-BE1E-309263B79AE2}" = Xmarks Thumbnails for IE
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
    "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
    "{C05C9016-8774-46C0-8BD4-A8EE5E25572F}" = IPView Pro 2.0
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Professional Business 2009.SP3c
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
    "{C56BBAC8-0DD2-4CE4-86E0-F2BDEABDD0CF}" = Xmarks for IE
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529041}" = WordPerfect Office X4 - IPM EN
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}" = WordPerfect Office X4 - MAIL
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (32-bit)
    "{E5839ADC-1116-49E2-8A0A-FE9EB65027DF}" = WeatherLink 5.8.3
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0C003B5-6F66-49A3-86C4-49D7D2502ADA}" = Debug Diagnostics 1.2 32-bit
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition 3.0
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F7186715-3AEE-4C0A-B191-0D1835E57BE2}" = SetupWizard
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FD5FC366-49CA-497D-975C-B4C11696325F}" = Virtual Weather Station
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "ActiveWords" = ActiveWords
    "AddThis Toolbar" = AddThis Toolbar
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "AI RoboForm" = RoboForm 7-7-9-9 (All Users)
    "Air Video Server" = Air Video Server 2.4.3
    "Anvi Smart Defender" = Anvi Smart Defender 1.5
    "Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.6
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "BSPlayerp" = BS.Player PRO
    "CCleaner" = CCleaner
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "Cumulus_is1" = Cumulus 1.9.2
    "Dell Support Center" = Dell Support Center
    "DUMeter3_is1" = DU Meter
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.0.0 Home Edition
    "ESET Online Scanner" = ESET Online Scanner v3
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
    "Fences Pro" = Fences Pro
    "Google Chrome Frame" = Google Chrome Frame
    "Google Desktop" = Google Desktop
    "Greatis Reanimator_is1" = RegRun Reanimator
    "HD Tune_is1" = HD Tune 2.55
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
    "Jawbone Updater" = Jawbone Updater
    "Kingsoft PC Doctor" = Kingsoft PC Doctor 3.3.1.9
    "Loki ActiveX Control" = Loki ActiveX Control
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "NetworkView_is1" = NetworkView Version 3.60
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Picasa 3" = Picasa 3
    "PROSetDX" = Intel(R) Network Connections 15.2.89.0
    "RealVNC_is1" = VNC Enterprise Edition E4.4.2
    "SABnzbd" = SABnzbd 0.6.10
    "StarDot_Tools_1.5" = StarDot Tools 1.5.3
    "SysMetrix" = SysMetrix 3.44
    "TeamViewer 6" = TeamViewer 6
    "TeamViewer 7" = TeamViewer 7
    "TerraExplorer" = TerraExplorer
    "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
    "Uniblue PowerSuite 2009" = Uniblue PowerSuite 2009
    "Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
    "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "VLC media player" = VLC media player 1.0.0
    "VNCMirror_is1" = VNC Mirror Driver 1.8.0
    "WePrint" = WePrint
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Chromium" = Chromium
    "Dropbox" = Dropbox
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/18/2012 8:39:44 AM | Computer Name = Reginald-PC | Source = Application Hang | ID = 1002
    Description = The program iTunes.exe version 10.6.1.7 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1ca0 Start Time:
    01cd7cb83d4588cc Termination Time: 1087 Application Path: C:\Program Files\iTunes\iTunes.exe

    Report
    Id:

    Error - 8/18/2012 8:48:16 AM | Computer Name = Reginald-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/18/2012 10:35:55 PM | Computer Name = Reginald-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\EASEUS\easeus
    partition master 9.0.0 home edition\res\Help.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/19/2012 12:12:28 AM | Computer Name = Reginald-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/19/2012 12:15:50 AM | Computer Name = Reginald-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/19/2012 12:18:24 AM | Computer Name = Reginald-PC | Source = VSS | ID = 18
    Description =

    Error - 8/19/2012 12:18:24 AM | Computer Name = Reginald-PC | Source = VSS | ID = 8193
    Description =

    Error - 8/19/2012 12:18:24 AM | Computer Name = Reginald-PC | Source = System Restore | ID = 8193
    Description =

    Error - 8/19/2012 12:38:55 AM | Computer Name = Reginald-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/19/2012 12:43:45 AM | Computer Name = Reginald-PC | Source = Application Hang | ID = 1002
    Description = The program IEXPLORE.EXE version 9.0.8112.16448 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1f6c Start
    Time: 01cd7dc4992a8e97 Termination Time: 24 Application Path: C:\Program Files\Internet
    Explorer\IEXPLORE.EXE Report Id:

    [ Media Center Events ]
    Error - 7/2/2009 10:07:30 AM | Computer Name = Reginald-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 8/19/2012 12:31:49 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/19/2012 12:31:49 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/19/2012 12:31:49 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/19/2012 12:35:32 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7000
    Description = The VMware Bridge Protocol service failed to start due to the following
    error: %%2

    Error - 8/19/2012 12:37:55 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 9 service to connect.

    Error - 8/19/2012 12:38:04 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7000
    Description = The VMware Network Application Interface service failed to start due
    to the following error: %%2

    Error - 8/19/2012 12:38:04 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The VMware NAT Service service depends on the VMware Network Application
    Interface service which failed to start because of the following error: %%2

    Error - 8/19/2012 12:39:04 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The VMware DHCP Service service depends on the VMware Network Application
    Interface service which failed to start because of the following error: %%2

    Error - 8/19/2012 12:41:23 AM | Computer Name = Reginald-PC | Source = WMPNetworkSvc | ID = 866306
    Description =

    Error - 8/19/2012 12:41:23 AM | Computer Name = Reginald-PC | Source = WMPNetworkSvc | ID = 866306
    Description =


    < End of report >
  4. Reginald Hirsch Newcomer, in training Posts: 30

    Took it that time; here is the otl.txt.
    Won't take the otl.txt file??
  5. Reginald Hirsch Newcomer, in training Posts: 30

    OTL logfile created on: 8/18/2012 11:50:13 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Reginald\Desktop\Tech
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.31% Memory free
    5.99 Gb Paging File | 2.97 Gb Available in Paging File | 49.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.04 Gb Total Space | 85.45 Gb Free Space | 30.19% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 10.94 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
    Drive E: | 375.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 468.19 Mb Total Space | 451.19 Mb Free Space | 96.37% Space Free | Partition Type: FAT
    Drive K: | 74.52 Gb Total Space | 32.02 Gb Free Space | 42.97% Space Free | Partition Type: NTFS

    Computer Name: REGINALD-PC | User Name: Reginald | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/18 23:47:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Reginald\Desktop\Tech\OTL.exe
    PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2012/07/25 11:27:38 | 003,506,176 | ---- | M] (ActiveWord Systems, Inc.) -- C:\Program Files\ActiveWords\AWMonitor.exe
    PRC - [2012/07/25 09:59:15 | 000,112,640 | ---- | M] (ActiveWord Systems, Inc.) -- C:\Program Files\ActiveWords\AWApps\L&T\AWLearnTrain.exe
    PRC - [2012/07/25 09:59:04 | 000,419,840 | ---- | M] (ActiveWords) -- C:\Program Files\ActiveWords\AWApps\AWInkPad\AWInkpad.exe
    PRC - [2012/07/25 09:59:01 | 000,035,328 | ---- | M] (ActiveWord Systems, Inc.) -- C:\Program Files\ActiveWords\AWFeedback.exe
    PRC - [2012/07/25 09:58:48 | 000,509,440 | ---- | M] (ActiveWord Systems, Inc.) -- C:\Program Files\ActiveWords\Nahuatl.exe
    PRC - [2012/07/20 02:11:38 | 000,686,408 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    PRC - [2012/07/20 02:11:28 | 001,217,864 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
    PRC - [2012/07/19 15:13:17 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2012/07/16 08:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/07/16 08:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
    PRC - [2012/07/13 04:18:26 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    PRC - [2012/07/12 03:36:52 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2012/07/12 03:36:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2012/07/09 17:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Reginald\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/04/10 22:26:24 | 001,308,064 | ---- | M] (Kingsoft Corporation) -- C:\Program Files\Kingsoft\PcDoctor\KSafeTray.exe
    PRC - [2012/04/10 22:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) -- C:\Program Files\Kingsoft\PcDoctor\KSafeSvc.exe
    PRC - [2012/04/03 07:14:04 | 002,542,080 | ---- | M] (EuroSmartz Ltd) -- C:\Program Files\WePrint\WePrint Server.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    PRC - [2011/10/19 10:28:50 | 021,328,896 | ---- | M] (Ambient, LLC) -- C:\vws\vws.exe
    PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/12 18:01:38 | 000,345,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DebugDiag\DbgSvc.exe
    PRC - [2011/07/08 03:25:22 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/07/08 03:24:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/06/23 22:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/08 11:20:14 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/09/29 15:30:36 | 002,942,856 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
    PRC - [2010/09/29 15:30:36 | 001,412,488 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeterSvc.exe
    PRC - [2010/09/21 19:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
    PRC - [2010/09/14 17:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
    PRC - [2010/09/14 17:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2010/09/14 17:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2010/09/01 10:58:32 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2010/08/21 08:54:14 | 000,390,736 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2010/08/21 08:54:08 | 000,779,960 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2010/08/21 08:51:50 | 005,458,848 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2010/08/20 16:00:50 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    PRC - [2010/04/30 13:35:12 | 004,899,136 | ---- | M] (PY Software) -- C:\Program Files\Active WebCam\WebCam.exe
    PRC - [2010/04/30 13:35:02 | 000,738,640 | ---- | M] (PY Software) -- C:\Program Files\Active WebCam\Watchdog.exe
    PRC - [2010/04/30 13:08:32 | 000,323,072 | ---- | M] () -- C:\Program Files\Active WebCam\CompParams.exe
    PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
    PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
    PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
    PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/02/17 13:44:17 | 002,621,440 | ---- | M] (Nicholas Decker) -- C:\Program Files\SysMetrix\SysMetrix.exe
    PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
    PRC - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/06/26 17:21:00 | 000,759,296 | ---- | M] (Microsoft Corporation
    ) -- C:\Windows\vVX6000.exe
    PRC - [2009/04/13 11:21:26 | 002,344,224 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/04/13 11:21:26 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/03/26 23:05:22 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/30 15:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/18 22:40:41 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/08/18 22:40:41 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/08/18 22:37:27 | 000,079,480 | ---- | M] () -- C:\jexepackres\JX94E44\miniupnpc.dll
    MOD - [2012/08/18 22:37:27 | 000,034,166 | ---- | M] () -- C:\jexepackres\JX94E44\natpmp.dll
    MOD - [2012/08/16 19:31:08 | 000,442,392 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\ppgooglenaclpluginchrome.dll
    MOD - [2012/08/16 19:31:06 | 012,236,824 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\PepperFlash\pepflashplayer.dll
    MOD - [2012/08/16 19:31:05 | 003,997,720 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\pdf.dll
    MOD - [2012/08/16 19:29:39 | 000,526,872 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\libglesv2.dll
    MOD - [2012/08/16 19:29:38 | 000,104,984 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\libegl.dll
    MOD - [2012/08/16 19:29:27 | 000,144,424 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\avutil-51.dll
    MOD - [2012/08/16 19:29:26 | 000,266,792 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\avformat-54.dll
    MOD - [2012/08/16 19:29:24 | 002,480,680 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\avcodec-54.dll
    MOD - [2012/07/25 09:59:01 | 000,014,848 | ---- | M] () -- C:\Program Files\ActiveWords\AWApps\AWInkPad\AxInterop.AWCONTROLLib.dll
    MOD - [2012/07/21 05:44:05 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/07/21 05:44:04 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2012/07/20 02:11:36 | 000,784,712 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll
    MOD - [2012/06/13 03:51:10 | 001,361,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
    MOD - [2012/06/13 03:45:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 03:45:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/12 03:51:48 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
    MOD - [2012/05/12 03:51:48 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll
    MOD - [2012/05/12 03:51:46 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
    MOD - [2012/05/12 03:51:45 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/12 03:49:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/12 03:49:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/12 03:49:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 03:49:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/04/03 07:14:04 | 000,059,904 | ---- | M] () -- C:\Program Files\WePrint\zlib1.dll
    MOD - [2011/10/21 03:01:40 | 000,075,160 | ---- | M] () -- C:\Program Files\Kingsoft\PcDoctor\json.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/23 19:34:50 | 000,140,664 | ---- | M] () -- C:\Program Files\Kingsoft\PcDoctor\zlib1.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/11/19 22:12:59 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/09/21 19:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
    MOD - [2010/04/30 13:08:32 | 000,323,072 | ---- | M] () -- C:\Program Files\Active WebCam\CompParams.exe
    MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
    MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2009/02/28 17:21:08 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    MOD - [2009/02/28 17:21:07 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    MOD - [2009/02/28 17:21:02 | 000,236,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    MOD - [2009/02/28 17:21:01 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
    MOD - [2009/02/28 17:21:00 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
    MOD - [2009/02/28 17:20:59 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
    MOD - [2009/02/28 17:20:58 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
    MOD - [2009/02/28 17:20:57 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
    MOD - [2009/02/28 17:20:55 | 001,400,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
    MOD - [2009/02/28 17:20:54 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
    MOD - [2009/02/28 17:20:50 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
    MOD - [2009/02/28 17:20:31 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
    MOD - [2009/02/28 17:20:15 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
    MOD - [2009/02/28 17:20:14 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
    MOD - [2009/02/28 17:19:59 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
    MOD - [2009/02/28 17:19:57 | 000,404,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
    MOD - [2009/02/28 17:19:57 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    MOD - [2009/02/28 17:19:56 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
    MOD - [2009/02/28 17:19:51 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
    MOD - [2009/02/28 17:19:44 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
  6. Reginald Hirsch Newcomer, in training Posts: 30

    MOD - [2009/02/28 17:19:44 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
    MOD - [2009/02/28 17:19:42 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
    MOD - [2009/02/28 17:19:40 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
    MOD - [2009/02/28 17:19:36 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
    MOD - [2009/02/28 17:19:31 | 000,232,960 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
    MOD - [2009/02/28 17:19:28 | 000,096,768 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
    MOD - [2009/02/28 17:19:22 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
    MOD - [2009/02/28 17:19:19 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
    MOD - [2009/02/28 17:19:16 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
    MOD - [2009/02/28 17:19:08 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
    MOD - [2009/02/28 17:18:58 | 001,240,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
    MOD - [2009/02/28 17:18:45 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
    MOD - [2009/02/28 17:18:27 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
    MOD - [2009/02/28 17:18:25 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
    MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
    MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
    MOD - [2001/08/12 13:35:24 | 000,872,507 | ---- | M] () -- C:\vws\mesa.dll
    MOD - [1999/04/01 11:33:44 | 000,164,352 | ---- | M] () -- C:\vws\weatherlink.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/08/15 01:17:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/20 02:11:38 | 000,686,408 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
    SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/12 03:36:52 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2012/07/12 03:36:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/04/10 22:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- C:\Program Files\Kingsoft\PcDoctor\KSafeSvc.exe -- (KSafeSvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
    SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/07/12 18:01:38 | 000,345,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DebugDiag\DbgSvc.exe -- (DbgSvc)
    SRV - [2011/07/08 03:24:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2010/12/08 11:20:14 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/09/29 15:30:36 | 001,412,488 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
    SRV - [2010/09/14 17:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
    SRV - [2010/09/14 17:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2010/09/01 10:58:32 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/08/21 08:54:08 | 000,779,960 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010/06/10 04:25:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/04/30 13:35:12 | 004,899,136 | ---- | M] (PY Software) [Disabled | Stopped] -- C:\Program Files\Active WebCam\WebCam.exe -- (ACTIVEWEBCAM)
    SRV - [2010/04/30 13:35:02 | 000,738,640 | ---- | M] (PY Software) [On_Demand | Stopped] -- C:\Program Files\Active WebCam\Watchdog.exe -- (ACTIVEWEBCAMWATCHDOG)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
    SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/05/17 22:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/03/26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009/03/26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
    SRV - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009/02/28 08:53:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2008/06/12 12:48:16 | 002,159,992 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
    SRV - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
    DRV - File not found [Kernel | Unavailable | Unknown] -- -- (IogearUDSMBus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Reginald\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/08/15 06:10:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2012/07/12 23:49:52 | 000,014,160 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdws.sys -- (asdws)
    DRV - [2012/07/12 23:49:50 | 000,022,864 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
    DRV - [2012/07/12 23:49:50 | 000,016,208 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
    DRV - [2012/07/12 03:36:34 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/04/10 12:51:16 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/08/05 04:49:20 | 000,110,496 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- C:\Program Files\Kingsoft\PcDoctor\kmodurl.sys -- (kmodurl)
    DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/08 04:14:42 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/07/08 04:14:42 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/07/08 02:46:44 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2011/03/23 17:33:32 | 000,021,120 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
    DRV - [2011/01/27 20:18:32 | 000,058,496 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
    DRV - [2011/01/27 20:18:32 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
    DRV - [2010/11/20 06:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2010/11/20 06:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 04:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 04:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/09/29 15:30:40 | 000,018,576 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DU Meter\DUMetr32.sys -- (DUMeterDrv)
    DRV - [2010/09/01 10:58:34 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/09/01 10:58:30 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
    DRV - [2010/09/01 10:58:28 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
    DRV - [2010/09/01 10:58:19 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
    DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/02/03 00:10:32 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/07/13 16:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2009/06/26 17:21:02 | 002,069,504 | ---- | M] (Microsoft Corporation
    ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
    DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
    DRV - [2009/05/05 23:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA)
    DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2009/03/26 23:05:36 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
    DRV - [2009/03/26 23:05:36 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2009/03/26 23:05:34 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
    DRV - [2009/03/26 23:05:34 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
    DRV - [2009/03/26 23:05:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2009/03/26 17:31:12 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/12/17 09:43:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2008/12/01 11:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007/05/09 15:04:54 | 000,018,176 | ---- | M] (Delta Networks, Inc. (DNI)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XE102Sp5.sys -- (XE102Sp5)
    DRV - [2007/05/06 17:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/04/19 11:17:14 | 000,021,120 | ---- | M] (Delta Networks, Inc. (DNI)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XE102Mp5.sys -- (XE102Mp5)
    DRV - [2004/04/26 18:11:32 | 000,017,280 | R--- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PLCNDIS5.SYS -- (PLCNDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
  7. Reginald Hirsch Newcomer, in training Posts: 30

    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\URLSearchHook: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files\AddThis Toolbar\Helper.dll ()
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{53806648-461E-4310-A736-D9AF8C78AB04}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{58DB32C2-A84C-4ACD-ADFB-8C7BD43344EF}: "URL" = http://search.yahoo.com/search?type=61107&fr=freecause&ei=utf-8&p={searchTerms}
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=CXdMmJ8z-RX6dIgZyKxxUwryOCM?q={searchTerms}
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://watch.slingbox.com/watch/sling_player"
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Reginald\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Reginald\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Reginald\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/07/19 15:14:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/28 20:32:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 14:47:02 | 000,000,000 | ---D | M]

    [2010/06/10 01:27:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Reginald\AppData\Roaming\Mozilla\Extensions
    [2012/04/16 20:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reginald\AppData\Roaming\Mozilla\Firefox\Profiles\0gixnud9.default\extensions
    [2011/08/17 14:53:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Reginald\AppData\Roaming\Mozilla\Firefox\Profiles\0gixnud9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2011/08/07 13:22:50 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Reginald\AppData\Roaming\Mozilla\Firefox\Profiles\0gixnud9.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
    [2012/05/10 13:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/19 12:34:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/04/16 20:14:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/04/16 20:14:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/16 20:14:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://news.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://news.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Reginald\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Reginald\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Reginald\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Pin anything, anywhere. Just press the button and an overlay window will appear. = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl\5.1_0\
    CHR - Extension: Taskforce = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc\1.4_0\
    CHR - Extension: Flixster = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
    CHR - Extension: Weather Window by WeatherBug = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
    CHR - Extension: Send from Gmail (by Google) = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\
    CHR - Extension: Gmail = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/18 21:44:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1BD0BEFE-F697-4eee-B7E1-76B849A5CB84} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (no name) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\21.0.1180.79\npchrome_frame.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
    O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application S
  8. Reginald Hirsch Newcomer, in training Posts: 30

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [KSafeTray] C:\Program Files\Kingsoft\PcDoctor\KSafeTray.exe (Kingsoft Corporation)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe (Nicholas Decker)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Active WebCam.LNK = C:\Program Files\Active WebCam\WebCam.exe (PY Software)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActiveWords.lnk = C:\Program Files\ActiveWords\AWMonitor.exe (ActiveWord Systems, Inc.)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Reginald\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Weather Station.lnk = C:\vws\vws.exe (Ambient, LLC)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe (EuroSmartz Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
  9. Reginald Hirsch Newcomer, in training Posts: 30

    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([connect] * in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([mygarmin] * in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: zoombak.com ([locate] https in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: zoombak.com ([shop] https in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} http://192.168.1.210/xplugxLiteTW.cab (Gif89 xLite Class)
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://I.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O16 - DPF: CaptureClient http://192.168.1.110/CaptureClient.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.19.128.53 72.19.128.99
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297982DB-7F42-4718-8D4B-A71C72C5621A}: DhcpNameServer = 72.19.128.53 72.19.128.99
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\21.0.1180.79\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline software systems Inc.)
  10. Reginald Hirsch Newcomer, in training Posts: 30

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\x-sdch - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/12/23 05:40:02 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/18 23:47:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Reginald\Desktop\OTL.exe
    [2012/08/18 22:43:42 | 000,000,000 | ---D | C] -- C:\Users\Reginald\temp
    [2012/08/18 22:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Safe
    [2012/08/18 22:33:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/18 22:31:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/18 22:16:21 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\rkill
    [2012/08/18 22:06:16 | 001,545,120 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Reginald\Desktop\rkill - Copy.exe
    [2012/08/18 22:05:11 | 001,545,120 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Reginald\Desktop\rkill.exe
    [2012/08/18 21:48:28 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\Tech
    [2012/08/18 21:25:07 | 003,470,979 | ---- | C] (Swearware) -- C:\Users\Reginald\Desktop\Unconfirmed 560231.crdownload
    [2012/08/18 20:02:39 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\Reginald\Desktop\ComboFix.exe
    [2012/08/18 12:15:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Reginald\Desktop\aswMBR.exe
    [2012/08/18 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\Reginald\AppData\Roaming\Anvisoft
    [2012/08/18 08:27:44 | 000,022,864 | ---- | C] (Anvisoft) -- C:\Windows\System32\drivers\asdrs.sys
    [2012/08/18 08:27:44 | 000,016,208 | ---- | C] (Anvisoft) -- C:\Windows\System32\drivers\asdrm.sys
    [2012/08/18 08:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    [2012/08/18 08:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
    [2012/08/18 08:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
    [2012/08/17 10:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/08/16 11:25:59 | 000,000,000 | ---D | C] -- C:\Users\Reginald\AppData\Roaming\ActiveWords 2.0
    [2012/08/16 11:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
    [2012/08/16 11:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveWords
    [2012/08/16 11:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\orangequava
    [2012/08/16 11:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\ActiveWords
    [2012/08/16 08:13:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Reginald\Desktop\dds.com
    [2012/08/15 17:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\AirPort
    [2012/08/15 13:11:38 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\rootkit
    [2012/08/15 09:23:34 | 000,000,000 | ---D | C] -- C:\Backreg
    [2012/08/15 09:11:33 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\Warrior
    [2012/08/15 08:56:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/15 08:56:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/15 08:56:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/15 08:55:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/15 08:54:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/15 06:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
    [2012/08/15 06:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
    [2012/08/14 21:59:39 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
    [2012/08/14 21:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
    [2012/08/14 21:29:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RegRunInfo
    [2012/08/14 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Documents\RegRun2
    [2012/08/14 21:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
    [2012/08/14 21:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis
    [2012/08/14 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
    [2012/08/14 20:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/08/14 19:13:24 | 000,100,864 | ---- | C] (GMER) -- C:\pwlyikod.sys
    [2012/08/14 19:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/08/14 18:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2012/08/14 18:41:04 | 000,000,000 | ---D | C] -- C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    [2012/08/14 18:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2012/08/14 18:19:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/13 22:37:35 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\IrrigationCaddy
    [2012/07/21 05:43:40 | 000,000,000 | ---D | C] -- C:\Users\Reginald\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/21 05:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/21 05:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/21 05:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/20 17:45:29 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\WaldonFire
    [2012/07/20 13:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/07/20 13:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/08/13 20:09:28 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Reginald\gotomypc_540.exe
    [2008/12/19 21:07:41 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Reginald\gotomypc_438.exe
    [2008/12/19 21:04:51 | 003,902,784 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Reginald\gosetup.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  11. Reginald Hirsch Newcomer, in training Posts: 30

    ========== Files - Modified Within 30 Days ==========

    [2012/08/18 23:55:29 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D9D0871-37AF-43C2-BA55-FCB153C904EF}.job
    [2012/08/18 23:47:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Reginald\Desktop\OTL.exe
    [2012/08/18 23:23:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/18 23:15:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/18 23:07:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359024441-3580254713-1987414973-1000UA.job
    [2012/08/18 22:49:18 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/18 22:49:18 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/18 22:43:03 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/08/18 22:36:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/18 22:35:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/18 22:34:48 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/18 22:10:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/08/18 22:06:57 | 000,000,114 | ---- | M] () -- C:\Users\Reginald\Desktop\[Active] - Warning- possible TDL3 rootkit infection ! - TechSpot Forums.url
    [2012/08/18 22:05:36 | 001,545,120 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Reginald\Desktop\rkill.exe
    [2012/08/18 22:05:36 | 001,545,120 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Reginald\Desktop\rkill - Copy.exe
    [2012/08/18 21:44:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/18 21:25:44 | 003,470,979 | ---- | M] (Swearware) -- C:\Users\Reginald\Desktop\Unconfirmed 560231.crdownload
    [2012/08/18 20:03:17 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\Reginald\Desktop\ComboFix.exe
    [2012/08/18 18:07:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359024441-3580254713-1987414973-1000Core.job
    [2012/08/18 17:23:00 | 002,189,836 | ---- | M] () -- C:\Users\Reginald\Desktop\tdsskiller.zip
    [2012/08/18 15:09:18 | 000,302,592 | ---- | M] () -- C:\Users\Reginald\Desktop\cztdodz5.exe
    [2012/08/18 12:16:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Reginald\Desktop\aswMBR.exe
    [2012/08/18 08:27:44 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    [2012/08/18 08:26:07 | 016,259,544 | ---- | M] () -- C:\Users\Reginald\Desktop\asdsetup.exe
    [2012/08/18 06:40:16 | 000,086,913 | ---- | M] () -- C:\Users\Reginald\Desktop\Gadgets for Lawyers1.wpd
    [2012/08/18 06:40:00 | 000,086,913 | ---- | M] () -- C:\Users\Reginald\Desktop\Gadgets for Lawyers.wpd
    [2012/08/17 15:15:39 | 000,002,174 | ---- | M] () -- C:\Users\Reginald\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/08/17 15:15:38 | 000,002,297 | ---- | M] () -- C:\Users\Reginald\Desktop\Google Chrome.lnk
    [2012/08/17 13:35:05 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/08/16 14:29:19 | 001,102,128 | ---- | M] () -- C:\Users\Reginald\Desktop\ProcessMonitor.zip
    [2012/08/16 11:26:00 | 000,001,931 | ---- | M] () -- C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActiveWords.lnk
    [2012/08/16 11:25:45 | 000,232,915 | ---- | M] () -- C:\Windows\ActiveWords Uninstaller.exe
    [2012/08/16 10:11:15 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/08/16 08:25:08 | 000,003,274 | ---- | M] () -- C:\Users\Reginald\Desktop\EventSystemWin7.reg
    [2012/08/16 07:48:47 | 000,497,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/08/16 07:29:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Reginald\Desktop\dds.com
    [2012/08/15 14:45:43 | 000,062,386 | ---- | M] () -- C:\Users\Reginald\Desktop\DOC081512-001.pdf
    [2012/08/15 14:17:00 | 000,048,503 | ---- | M] () -- C:\Users\Reginald\Desktop\DOC081512.pdf
    [2012/08/15 09:20:31 | 000,000,506 | -H-- | M] () -- C:\regrun.war
    [2012/08/14 21:28:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/08/14 21:28:26 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
    [2012/08/14 21:28:26 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
    [2012/08/14 19:13:24 | 000,100,864 | ---- | M] (GMER) -- C:\pwlyikod.sys
    [2012/08/14 19:08:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/14 19:08:42 | 000,698,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/14 19:08:42 | 000,134,784 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/14 13:03:40 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/08/13 18:00:57 | 000,234,336 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
    [2012/07/21 05:43:34 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/20 18:46:28 | 000,001,366 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/20 13:18:58 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/07/20 13:00:11 | 000,002,551 | ---- | M] () -- C:\Users\Reginald\Desktop\Skype.lnk
    [2012/07/20 11:26:45 | 000,019,039 | ---- | M] () -- C:\Users\Reginald\Desktop\487359_10151053583328330_949994986_n.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/18 22:43:03 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
    [2012/08/18 22:43:03 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/08/18 22:06:57 | 000,000,114 | ---- | C] () -- C:\Users\Reginald\Desktop\[Active] - Warning- possible TDL3 rootkit infection ! - TechSpot Forums.url
    [2012/08/18 17:22:36 | 002,189,836 | ---- | C] () -- C:\Users\Reginald\Desktop\tdsskiller.zip
    [2012/08/18 15:09:16 | 000,302,592 | ---- | C] () -- C:\Users\Reginald\Desktop\cztdodz5.exe
    [2012/08/18 08:27:44 | 000,014,160 | ---- | C] () -- C:\Windows\System32\drivers\asdws.sys
    [2012/08/18 08:27:44 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    [2012/08/18 08:25:10 | 016,259,544 | ---- | C] () -- C:\Users\Reginald\Desktop\asdsetup.exe
    [2012/08/18 06:40:16 | 000,086,913 | ---- | C] () -- C:\Users\Reginald\Desktop\Gadgets for Lawyers1.wpd
    [2012/08/17 08:06:46 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/08/16 14:29:09 | 001,102,128 | ---- | C] () -- C:\Users\Reginald\Desktop\ProcessMonitor.zip
    [2012/08/16 11:25:17 | 000,232,915 | ---- | C] () -- C:\Windows\ActiveWords Uninstaller.exe
    [2012/08/16 11:25:17 | 000,001,931 | ---- | C] () -- C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActiveWords.lnk
    [2012/08/16 08:25:08 | 000,003,274 | ---- | C] () -- C:\Users\Reginald\Desktop\EventSystemWin7.reg
    [2012/08/15 17:45:01 | 000,002,421 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirPort Utility.lnk
    [2012/08/15 14:44:39 | 000,062,386 | ---- | C] () -- C:\Users\Reginald\Desktop\DOC081512-001.pdf
    [2012/08/15 14:41:20 | 000,086,913 | ---- | C] () -- C:\Users\Reginald\Desktop\Gadgets for Lawyers.wpd
    [2012/08/15 14:20:40 | 000,048,503 | ---- | C] () -- C:\Users\Reginald\Desktop\DOC081512.pdf
    [2012/08/15 08:56:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/15 08:56:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/15 08:56:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/15 08:56:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/15 08:56:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/15 06:30:30 | 000,000,506 | -H-- | C] () -- C:\regrun.war
    [2012/08/14 21:28:26 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
    [2012/08/14 19:08:48 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/21 05:43:34 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/20 13:18:58 | 000,002,533 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/07/20 13:00:11 | 000,002,551 | ---- | C] () -- C:\Users\Reginald\Desktop\Skype.lnk
    [2012/07/20 11:27:39 | 000,019,039 | ---- | C] () -- C:\Users\Reginald\Desktop\487359_10151053583328330_949994986_n.jpg
    [2012/04/14 18:16:51 | 000,126,976 | ---- | C] () -- C:\Windows\System32\MC4MIntSetupWizard.dll
    [2012/04/14 18:16:50 | 000,126,976 | ---- | C] () -- C:\Windows\System32\THBIni20.dll
    [2011/08/06 16:06:20 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
    [2011/08/06 16:06:20 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
    [2011/08/06 16:06:20 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
    [2011/08/06 16:06:20 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
    [2011/08/06 16:06:20 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
    [2011/07/08 02:45:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/05/13 15:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/03/17 19:52:05 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/03/17 19:50:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/12/04 22:15:08 | 006,918,144 | ---- | C] () -- C:\Users\Reginald\PCPE_3.0.msi
    [2010/09/04 17:52:00 | 000,013,310 | ---- | C] () -- C:\Users\Reginald\Ubuntu.vmc.vpcbackup
    [2010/09/04 17:44:18 | 1034,411,008 | ---- | C] () -- C:\Users\Reginald\Ubuntu.vhd
    [2010/09/04 17:44:18 | 000,012,290 | ---- | C] () -- C:\Users\Reginald\Ubuntu.vmc
    [2010/08/26 08:43:13 | 000,038,431 | ---- | C] () -- C:\Users\Reginald\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/08/11 08:40:57 | 000,006,656 | ---- | C] () -- C:\Users\Reginald\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/10 08:52:13 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
  12. Reginald Hirsch Newcomer, in training Posts: 30

    [2010/06/10 07:20:56 | 000,936,378 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
    [2010/06/10 03:44:55 | 000,000,443 | ---- | C] () -- C:\Users\Reginald\AppData\Local\Win7_Upgrade.bat
    [2010/06/10 03:05:51 | 000,001,087 | ---- | C] () -- C:\Users\Reginald\AppData\Local\Win7_tmp1.htm
    [2009/07/29 10:25:54 | 000,305,823 | -H-- | C] () -- C:\Users\Reginald\windows-7-ultimate-crack.pdf
    [2009/07/28 09:44:59 | 000,139,333 | -H-- | C] () -- C:\Users\Reginald\Better Business Bureau signature form0001.pdf
    [2009/07/27 08:08:25 | 006,536,350 | -H-- | C] () -- C:\Users\Reginald\4637_0750.wmv
    [2009/07/26 17:38:36 | 000,063,219 | -H-- | C] () -- C:\Users\Reginald\STL_052_394x493.jpg
    [2009/07/25 07:08:57 | 000,870,128 | -H-- | C] () -- C:\Users\Reginald\AppData\Roaming\mcs.rma
    [2009/07/25 06:53:19 | 000,037,240 | -H-- | C] () -- C:\Users\Reginald\NYT2010SRXReview.pdf
    [2009/07/23 20:55:28 | 000,034,134 | -H-- | C] () -- C:\Users\Reginald\007.00.000151.00.pdf
    [2009/07/23 20:38:16 | 003,901,263 | -H-- | C] () -- C:\Users\Reginald\100_0066.jpg
    [2009/07/22 19:54:25 | 000,001,659 | -H-- | C] () -- C:\Users\Reginald\boltbb.jad
    [2009/07/22 13:45:12 | 000,479,125 | -H-- | C] () -- C:\Users\Reginald\hack-garmin-2009-gps-update.pdf
    [2009/07/22 13:15:44 | 000,042,205 | -H-- | C] () -- C:\Users\Reginald\hp=&pagew.pdf
    [2009/07/22 13:05:01 | 000,129,573 | -H-- | C] () -- C:\Users\Reginald\AP-ML-UAE-B.pdf
    [2009/07/22 08:21:59 | 000,107,667 | -H-- | C] () -- C:\Users\Reginald\o=IAH&d=COS&tm=&ns=Y.pdf
    [2009/07/21 16:07:03 | 000,111,583 | -H-- | C] () -- C:\Users\Reginald\amexstatement.pdf
    [2009/07/21 13:57:18 | 001,336,857 | -H-- | C] () -- C:\Users\Reginald\2675_OwnersManual.pdf
    [2009/07/16 04:56:29 | 000,027,520 | ---- | C] () -- C:\Users\Reginald\VC.com
    [2009/07/16 04:56:03 | 000,027,520 | -H-- | C] () -- C:\Users\Reginald\VCdotcom
    [2009/07/15 09:51:46 | 001,795,072 | -H-- | C] () -- C:\Users\Reginald\cal715.pst
    [2009/07/14 11:17:17 | 001,015,656 | -H-- | C] () -- C:\Users\Reginald\userguide_0x0D000D04_cdma.pdf
    [2009/07/13 17:52:48 | 000,019,267 | -H-- | C] () -- C:\Users\Reginald\temporary orders 7-13-09r1.pdf
    [2009/07/13 14:56:35 | 000,119,855 | -H-- | C] () -- C:\Users\Reginald\hubtype=TxCaseAlert.pdf
    [2009/07/13 08:58:36 | 000,985,112 | -H-- | C] () -- C:\Users\Reginald\Backup-(2009-07-13).ipd
    [2009/07/12 19:24:59 | 000,261,108 | -H-- | C] () -- C:\Users\Reginald\chrome.pdf
    [2009/07/12 18:51:55 | 001,766,024 | -H-- | C] () -- C:\Users\Reginald\um_q1755_35572_0905.pdf
    [2009/07/10 06:29:24 | 000,087,713 | -H-- | C] () -- C:\Users\Reginald\Leno3dparts.pdf
    [2009/07/10 05:59:22 | 000,189,915 | -H-- | C] () -- C:\Users\Reginald\10cameras.pdf
    [2009/07/09 19:00:04 | 002,910,900 | -H-- | C] () -- C:\Users\Reginald\dish2ndremote.pdf
    [2009/07/09 11:16:40 | 000,277,647 | -H-- | C] () -- C:\Users\Reginald\la-sp-simers9-2009jul09,0,3895433.pdf
    [2009/07/09 00:46:01 | 000,029,332 | -H-- | C] () -- C:\Users\Reginald\SB1000142405297020426170457427602.pdf
    [2009/07/08 13:10:29 | 000,039,215 | -H-- | C] () -- C:\Users\Reginald\Morris Billing Summary0001.pdf
    [2009/07/07 16:49:44 | 000,108,113 | -H-- | C] () -- C:\Users\Reginald\Motion for Protective Time Perion 7-7-090001.pdf
    [2009/07/07 16:46:58 | 000,007,209 | -H-- | C] () -- C:\Users\Reginald\Robertson 7-7-09.pdf
    [2009/07/07 13:07:14 | 000,008,176 | -H-- | C] () -- C:\Users\Reginald\Bucky 7-7-09.wpd
    [2009/07/07 10:15:41 | 000,335,243 | -H-- | C] () -- C:\Users\Reginald\Motion To Compel Atty Contracts etc0001.pdf
    [2009/07/07 07:12:29 | 000,058,189 | -H-- | C] () -- C:\Users\Reginald\usbmicromini.pdf
    [2009/07/06 18:32:39 | 000,018,284 | -H-- | C] () -- C:\Users\Reginald\itouchcopy.pdf
    [2009/07/03 11:33:51 | 000,027,352 | -H-- | C] () -- C:\Users\Reginald\orderconfirmationtour.pdf
    [2009/07/01 19:04:41 | 001,579,815 | -H-- | C] () -- C:\Users\Reginald\100_0004.jpg
    [2009/07/01 16:53:27 | 000,001,286 | -H-- | C] () -- C:\Users\Reginald\The New York Times - Breaking News, World News & Multimedia.url
    [2009/06/27 19:08:13 | 001,551,597 | -H-- | C] () -- C:\Users\Reginald\CameraDockSeries3.pdf

    ========== LOP Check ==========

    [2010/09/01 10:54:42 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Acronis
    [2012/08/18 22:39:37 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\ActiveWords 2.0
    [2012/08/18 08:27:54 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Anvisoft
    [2010/06/10 01:27:29 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\Any Video Converter Professional
    [2011/09/03 19:32:56 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Bandoo
    [2010/06/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\BSplayer PRO
    [2010/06/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\CopyTrans
    [2010/06/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\CopyTransPhoto
    [2010/08/29 07:16:34 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\DAEMON Tools Pro
    [2012/08/18 22:39:35 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Dropbox
    [2011/08/17 15:29:41 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\GARMIN
    [2010/06/10 01:27:33 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\GlobalSCAPE
    [2011/08/11 08:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\GoodSync
    [2010/06/10 01:27:33 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\iCloner
    [2010/06/10 01:27:34 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\iLibs
    [2012/08/18 17:38:05 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\IPViewPro2
    [2011/08/09 07:09:28 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\JawboneUpdater
    [2011/08/15 07:09:53 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\kingsoft
    [2011/08/13 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\KSafe
    [2010/06/10 01:27:50 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\mjusbsp
    [2010/06/10 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Nuance
    [2010/06/10 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\OpenOffice.org
    [2011/01/21 21:21:00 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\PCDr
    [2010/08/13 21:28:03 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Research In Motion
    [2011/08/11 10:36:26 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\RoboForm
    [2010/06/10 01:27:57 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\ScanSoft
    [2009/02/28 17:24:59 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\Skinux
    [2010/06/10 01:27:59 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\Skyline
    [2011/08/08 07:25:28 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Sling Media
    [2010/08/29 07:44:31 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Stardock
    [2011/07/21 10:00:06 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\TeamViewer
    [2011/01/31 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\TightVNC
    [2010/06/10 01:28:00 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\TimeBridge
    [2010/06/10 01:28:00 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Uniblue
    [2010/08/29 06:04:52 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\uTorrent
    [2010/06/10 01:28:01 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\WindSolutions
    [2010/06/10 01:28:01 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Zeon
    [2012/08/14 13:03:40 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/13 22:53:46 | 000,027,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/08/18 22:10:13 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
    [2012/08/18 23:55:29 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1D9D0871-37AF-43C2-BA55-FCB153C904EF}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========
  13. Reginald Hirsch Newcomer, in training Posts: 30

    Wow, sorry, had to resend otl.txt.
  14. Reginald Hirsch Newcomer, in training Posts: 30

    As to continuing issues, the DDS run continues to show access issues and other "access denied" issues,
    for instance, from the attached file:
    /18/2012 10:27:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/18/2012 10:18:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    8/18/2012 10:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/18/2012 10:15:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/18/2012 10:15:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/18/2012 10:15:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/18/2012 10:15:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/18/2012 10:15:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/18/2012 10:14:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    8/18/2012 10:14:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD asdrm CSC DfsC discache eeCtrl kmodurl MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Terminal Server Device Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Remote Desktop Services UserMode Port Redirector service depends on the Terminal Server Device Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Remote Desktop Configuration service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The DU Meter Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:13:55 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7043] - The Acronis Nonstop Backup service service did not shut down properly after receiving a preshutdown control.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The COMSysApp service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: A system shutdown is in progress.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: A system shutdown is in progress.
    8/18/2012 10:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/18/2012 10:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/18/2012 10:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/18/2012 10:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service ComSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
    8/18/2012 10:12:43 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    8/18/2012 10:12:12 PM, Error: Service Control Manager [7043] - The Acronis Scheduler2 Service service did not shut down properly after receiving a preshutdown control.
    8/18/2012 10:08:03 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    8/15/2012 9:00:28 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    8/15/2012 9:00:28 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    8/15/2012 8:51:56 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    8/15/2012 8:23:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MICROSOFTSCM) service to connect.
    8/15/2012 8:23:56 AM, Error: Service Control Manager [7000] - The SQL Server (MICROSOFTSCM) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/15/2012 8:05:15 AM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    8/15/2012 7:43:54 AM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    8/15/2012 7:43:52 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    8/15/2012 7:43:44 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7038] - The bthserv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The pipe has been ended.
  15. Reginald Hirsch Newcomer, in training Posts: 30

    Also, I'm thinking the rootkit did a number on my group policy (see below), although Microsoft Antimalware shows the latest update version and seems to update. Note this:
    /14/2012 9:06:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/14/2012 7:55:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 9 service to connect.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:09:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/14/2012 7:09:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/14/2012 4:49:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl kmodurl MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
    8/14/2012 11:55:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\14.08.2012_18.17.56\zasubsys0000\file0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.2076.0, AS: 1.131.2076.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    8/14/2012 11:30:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\14.08.2012_18.17.56\zasubsys0000\file0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.2076.0, AS: 1.131.2076.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    8/14/2012 1:04:59 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
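
A long paste in this export format is easier to read once Service Control Manager 7001 dependency failures are collapsed to the service that actually failed and the error codes are tallied. The sketch below is an added example, not part of the original posts or of any tool named in the thread; the sample lines are entries from the posts above with long messages shortened, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: entries from the posts above, with long messages shortened.
SAMPLE = """\
8/15/2012 8:05:15 AM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
8/15/2012 7:43:54 AM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/15/2012 7:43:44 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/15/2012 9:00:28 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
/14/2012 9:06:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/14/2012 11:55:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware. Error Code: 0x800704ec Error description: This program is blocked by group policy.
"""

# "<date> <time>, <Level>: <Source> [<EventID>] - <message>"; month optional so a clipped date still parses.
LINE = re.compile(r"^\s*(?P<ts>\d{0,2}/\d{1,2}/\d{4} [\d:]+ [AP]M), (?P<level>\w+): "
                  r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEPENDS = re.compile(r"The (?P<child>.+?) service depends on the (?P<parent>.+?) "
                     r"service which failed to start")
ERRCODE = re.compile(r"error code: (0x[0-9a-f]{8})", re.IGNORECASE)

def parse(text):
    """Yield one dict per line in the export format; other lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            yield m.groupdict()

def triage(text):
    """Return (event counts, root failing service -> dependents, error-code counts)."""
    counts, codes, parent_of = Counter(), Counter(), {}
    for e in parse(text):
        counts[(e["source"], int(e["id"]))] += 1
        codes.update(c.lower() for c in ERRCODE.findall(e["msg"]))
        d = DEPENDS.match(e["msg"])
        if e["id"] == "7001" and d:          # SCM dependency failure
            parent_of[d["child"]] = d["parent"]
    roots = defaultdict(set)
    for child in parent_of:
        root, seen = child, set()
        while root in parent_of and root not in seen:   # walk up; stop on a cycle
            seen.add(root)
            root = parent_of[root]
        roots[root].add(child)
    return counts, dict(roots), codes

if __name__ == "__main__":
    counts, roots, codes = triage(SAMPLE)
    for root, kids in sorted(roots.items()):
        print(f"{root} <- {', '.join(sorted(kids))}")
```
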
  16. Broni Malware Annihilator Posts: 39,375   +177

    Don't worry about those errors.
    What I want to know is if you have current visible issues with your computer.

    =====================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {1BD0BEFE-F697-4eee-B7E1-76B849A5CB84} - No CLSID value found.
      O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
      O2 - BHO: (no name) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - No CLSID value found.
      O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([connect] * in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([mygarmin] * in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([www] http in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: zoombak.com ([locate] https in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: zoombak.com ([shop] https in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: CaptureClient http://192.168.1.110/CaptureClient.cab (Reg Error: Key error.)
      [2012/08/14 21:28:26 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    =========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  17. Broni Malware Annihilator Posts: 39,375   +177

    Still with me?
  18. Broni Malware Annihilator Posts: 39,375   +177

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.