Browser hijacked by http://search.entru.com/?s=1109

Solved
By Rev1979
Feb 3, 2012
  1. 4 of the 5 steps follow

    I cannot download DDS.scr -- IExplorer says file access denied (permissions issue) -- Firefox attempts to download the file and then shows "failed" and "file not found" -- Tried getting it from another computer and copying it from a thumb-drive, but the file is immediately deleted when I try to run it.

    Thanks


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.02.04

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Owner :: HTPC1 [administrator]

    Protection: Disabled

    2/2/2012 7:37:50 PM
    mbam-log-2012-02-02 (19-37-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194488
    Time elapsed: 6 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-03 10:15:03
    Windows 6.1.7600
    Running: gmer.exe


    ---- Services - GMER 1.0.15 ----

    Service system32\DRIVERS\vdrv1000.sys (*** hidden *** ) [SYSTEM] vdrv1000 <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group SCSI Miniport
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag 66
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0 {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group SCSI Miniport
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start 1
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type 1
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag 66
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0 {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count 1
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance 1
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@0 1
    Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6E134826-3DC5-4D8E-9ED9-BA81933166D3.data 147456 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6E134826-3DC5-4D8E-9ED9-BA81933166D3.data.info 108 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0CB8C74-5856-47A4-A38F-9601AAB73956.data 1159168 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0CB8C74-5856-47A4-A38F-9601AAB73956.data.info 224 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C7546795-4E94-4731-BFE7-DDF4EE9DA1AC.data 147456 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C7546795-4E94-4731-BFE7-DDF4EE9DA1AC.data.info 108 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
    File C:\ProgramData\SnapStream\Beyond TV\lucene-staging\episodes\segments_m 45 bytes
    File C:\ProgramData\SnapStream\Beyond TV\lucene-staging\episodes\_c.cfs 414326106 bytes
    File C:\ProgramData\SnapStream\Beyond TV\lucene-staging\episodes2 0 bytes
    File C:\Users\Owner\AppData\Roaming\Thunderbird\Profiles\ulq93u7d.default\cookies.sqlite-journal 2576 bytes
    File C:\Users\Owner\AppData\Roaming\Thunderbird\Profiles\ulq93u7d.default\parent.lock 0 bytes

    ---- EOF - GMER 1.0.15 ----
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot! I'll help with the malware.

    You got enough done for me to see that you have a rootkit on the Virtual CD
    Company: H+H Software GmbH
    Description: Virtual CD - XP/2003/Vista/Win7 Driver 32-Bit *1
    ================================================
    Let's run this first please:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    Save the log and post in your next reply.
    ========================================
    Follow with>
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    Once I check these logs, hopefully I'll be able to see which of the abundance of rootkits you have and proceed in the best way.

    Please leave TDSSKiller log and the 2 OTL logs in your next reply.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
  3. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    13:43:26.0000 4852 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
    13:43:26.0594 4852 ============================================================
    13:43:26.0594 4852 Current date / time: 2012/02/03 13:43:26.0594
    13:43:26.0594 4852 SystemInfo:
    13:43:26.0594 4852
    13:43:26.0594 4852 OS Version: 6.1.7600 ServicePack: 0.0
    13:43:26.0594 4852 Product type: Workstation
    13:43:26.0595 4852 ComputerName: HTPC1
    13:43:26.0595 4852 UserName: Owner
    13:43:26.0595 4852 Windows directory: C:\Windows
    13:43:26.0595 4852 System windows directory: C:\Windows
    13:43:26.0595 4852 Running under WOW64
    13:43:26.0596 4852 Processor architecture: Intel x64
    13:43:26.0596 4852 Number of processors: 4
    13:43:26.0596 4852 Page size: 0x1000
    13:43:26.0596 4852 Boot type: Normal boot
    13:43:26.0596 4852 ============================================================
    13:43:27.0447 4852 Drive \Device\Harddisk2\DR2 - Size: 0x15D50B5DE00 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C880, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:43:27.0448 4852 Drive \Device\Harddisk3\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:43:27.0449 4852 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:43:27.0449 4852 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:43:27.0450 4852 Drive \Device\Harddisk4\DR4 - Size: 0x15D50B5DE00 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C880, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:43:27.0450 4852 Drive \Device\Harddisk5\DR5 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:43:27.0467 4852 \Device\Harddisk2\DR2:
    13:43:27.0497 4852 MBR used
    13:43:27.0497 4852 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F
    13:43:27.0497 4852 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0xC7FF800, BlocksNum 0xA2285000
    13:43:27.0497 4852 \Device\Harddisk3\DR3:
    13:43:27.0497 4852 MBR used
    13:43:27.0497 4852 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
    13:43:27.0497 4852 \Device\Harddisk0\DR0:
    13:43:27.0498 4852 MBR used
    13:43:27.0498 4852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
    13:43:27.0498 4852 \Device\Harddisk1\DR1:
    13:43:27.0498 4852 MBR used
    13:43:27.0498 4852 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
    13:43:27.0498 4852 \Device\Harddisk4\DR4:
    13:43:27.0498 4852 MBR used
    13:43:27.0498 4852 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA84800
    13:43:27.0498 4852 \Device\Harddisk5\DR5:
    13:43:27.0498 4852 MBR used
    13:43:27.0498 4852 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    13:43:27.0569 4852 Initialize success
    13:43:27.0569 4852 ============================================================
    13:43:42.0765 7292 ============================================================
    13:43:42.0765 7292 Scan started
    13:43:42.0766 7292 Mode: Manual; TDLFS;
    13:43:42.0766 7292 ============================================================
    13:43:43.0562 7292 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    13:43:43.0567 7292 1394ohci - ok
    13:43:43.0591 7292 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    13:43:43.0594 7292 ACPI - ok
    13:43:43.0626 7292 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    13:43:43.0627 7292 AcpiPmi - ok
    13:43:43.0656 7292 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    13:43:43.0660 7292 adp94xx - ok
    13:43:43.0679 7292 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    13:43:43.0682 7292 adpahci - ok
    13:43:43.0694 7292 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    13:43:43.0696 7292 adpu320 - ok
    13:43:43.0751 7292 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
    13:43:43.0756 7292 afcdp - ok
    13:43:43.0803 7292 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
    13:43:43.0811 7292 AFD - ok
    13:43:43.0835 7292 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    13:43:43.0837 7292 agp440 - ok
    13:43:43.0862 7292 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    13:43:43.0863 7292 aliide - ok
    13:43:43.0874 7292 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    13:43:43.0875 7292 amdide - ok
    13:43:43.0894 7292 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    13:43:43.0895 7292 AmdK8 - ok
    13:43:43.0906 7292 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    13:43:43.0907 7292 AmdPPM - ok
    13:43:43.0940 7292 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    13:43:43.0941 7292 amdsata - ok
    13:43:43.0954 7292 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    13:43:43.0956 7292 amdsbs - ok
    13:43:43.0969 7292 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    13:43:43.0970 7292 amdxata - ok
    13:43:44.0011 7292 AnyDVD (1f8e9426219263cb3ce9ac1735a68d9e) C:\Windows\system32\Drivers\AnyDVD.sys
    13:43:44.0013 7292 AnyDVD - ok
    13:43:44.0040 7292 Apowersoft_AudioDevice (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
    13:43:44.0041 7292 Apowersoft_AudioDevice - ok
    13:43:44.0086 7292 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    13:43:44.0088 7292 AppID - ok
    13:43:44.0143 7292 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys
    13:43:44.0144 7292 AppleCharger - ok
    13:43:44.0160 7292 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    13:43:44.0161 7292 arc - ok
    13:43:44.0173 7292 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    13:43:44.0175 7292 arcsas - ok
    13:43:44.0212 7292 ArcSec (a7409b5c0e35ddee64f16f3054e5530b) C:\Windows\system32\drivers\ArcSec.sys
    13:43:44.0215 7292 ArcSec - ok
    13:43:44.0245 7292 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    13:43:44.0246 7292 AsyncMac - ok
    13:43:44.0260 7292 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    13:43:44.0261 7292 atapi - ok
    13:43:44.0349 7292 AvsBluebird (e99b158d561e6986ec5b4dd0d3ab57f0) C:\Windows\system32\drivers\bluebird64.sys
    13:43:44.0359 7292 AvsBluebird - ok
    13:43:44.0388 7292 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    13:43:44.0392 7292 b06bdrv - ok
    13:43:44.0412 7292 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    13:43:44.0415 7292 b57nd60a - ok
    13:43:44.0436 7292 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    13:43:44.0436 7292 Beep - ok
    13:43:44.0465 7292 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    13:43:44.0466 7292 blbdrive - ok
    13:43:44.0498 7292 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    13:43:44.0499 7292 bowser - ok
    13:43:44.0510 7292 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    13:43:44.0511 7292 BrFiltLo - ok
    13:43:44.0521 7292 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    13:43:44.0522 7292 BrFiltUp - ok
    13:43:44.0549 7292 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    13:43:44.0550 7292 BridgeMP - ok
    13:43:44.0586 7292 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    13:43:44.0588 7292 Brserid - ok
    13:43:44.0606 7292 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    13:43:44.0606 7292 BrSerWdm - ok
    13:43:44.0617 7292 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    13:43:44.0617 7292 BrUsbMdm - ok
    13:43:44.0628 7292 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    13:43:44.0628 7292 BrUsbSer - ok
    13:43:44.0641 7292 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    13:43:44.0642 7292 BTHMODEM - ok
    13:43:44.0666 7292 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    13:43:44.0668 7292 cdfs - ok
    13:43:44.0685 7292 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    13:43:44.0687 7292 cdrom - ok
    13:43:44.0700 7292 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    13:43:44.0701 7292 circlass - ok
    13:43:44.0741 7292 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    13:43:44.0744 7292 CLFS - ok
    13:43:44.0773 7292 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    13:43:44.0773 7292 CmBatt - ok
    13:43:44.0815 7292 cmderd (fa26df95bfbeccbd44c961834789c549) C:\Windows\system32\DRIVERS\cmderd.sys
    13:43:44.0816 7292 cmderd - ok
    13:43:44.0849 7292 cmdGuard (755f1e440b6c90d83fe3e50331e55298) C:\Windows\system32\DRIVERS\cmdguard.sys
    13:43:44.0853 7292 cmdGuard - ok
    13:43:44.0872 7292 cmdHlp (4b5b1688ab86ebced4bef8d337e9a722) C:\Windows\system32\DRIVERS\cmdhlp.sys
    13:43:44.0873 7292 cmdHlp - ok
    13:43:44.0883 7292 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    13:43:44.0884 7292 cmdide - ok
    13:43:44.0924 7292 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    13:43:44.0927 7292 CNG - ok
    13:43:44.0937 7292 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    13:43:44.0938 7292 Compbatt - ok
    13:43:44.0956 7292 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    13:43:44.0956 7292 CompositeBus - ok
    13:43:45.0005 7292 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
    13:43:45.0007 7292 cpuz134 - ok
    13:43:45.0025 7292 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
    13:43:45.0026 7292 cpuz135 - ok
    13:43:45.0051 7292 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    13:43:45.0052 7292 crcdisk - ok
    13:43:45.0117 7292 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    13:43:45.0126 7292 CSC - ok
    13:43:45.0185 7292 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    13:43:45.0187 7292 DfsC - ok
    13:43:45.0202 7292 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    13:43:45.0203 7292 discache - ok
    13:43:45.0220 7292 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    13:43:45.0221 7292 Disk - ok
    13:43:45.0265 7292 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    13:43:45.0266 7292 drmkaud - ok
    13:43:45.0374 7292 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    13:43:45.0389 7292 DXGKrnl - ok
    13:43:45.0454 7292 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    13:43:45.0473 7292 ebdrv - ok
    13:43:45.0510 7292 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
    13:43:45.0511 7292 ElbyCDIO - ok
    13:43:45.0530 7292 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    13:43:45.0533 7292 elxstor - ok
    13:43:45.0548 7292 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    13:43:45.0548 7292 ErrDev - ok
    13:43:45.0625 7292 esgiguard - ok
    13:43:45.0659 7292 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    13:43:45.0662 7292 exfat - ok
    13:43:45.0707 7292 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    13:43:45.0709 7292 fastfat - ok
    13:43:45.0736 7292 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    13:43:45.0737 7292 fdc - ok
    13:43:45.0755 7292 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    13:43:45.0756 7292 FileInfo - ok
    13:43:45.0771 7292 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    13:43:45.0772 7292 Filetrace - ok
    13:43:45.0793 7292 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    13:43:45.0794 7292 flpydisk - ok
    13:43:45.0810 7292 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    13:43:45.0812 7292 FltMgr - ok
    13:43:45.0842 7292 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    13:43:45.0843 7292 FsDepends - ok
    13:43:45.0854 7292 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    13:43:45.0855 7292 Fs_Rec - ok
    13:43:45.0891 7292 FTDIBUS (1497c938b4bfb454829c6ccb69d81348) C:\Windows\system32\drivers\ftdibus.sys
    13:43:45.0892 7292 FTDIBUS - ok
    13:43:45.0923 7292 FTSER2K (37c9d167f0bd2ce0a5d5e160cc87758a) C:\Windows\system32\drivers\ftser2k.sys
    13:43:45.0925 7292 FTSER2K - ok
    13:43:45.0971 7292 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    13:43:45.0976 7292 fvevol - ok
    13:43:46.0000 7292 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    13:43:46.0001 7292 gagp30kx - ok
    13:43:46.0042 7292 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
    13:43:46.0043 7292 gdrv - ok
    13:43:46.0080 7292 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    13:43:46.0081 7292 GEARAspiWDM - ok
    13:43:46.0104 7292 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
    13:43:46.0104 7292 GVTDrv64 - ok
    13:43:46.0126 7292 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    13:43:46.0127 7292 hcw85cir - ok
    13:43:46.0176 7292 hcw89 (cf2e500e1060d94f6259c3a9038018bc) C:\Windows\system32\DRIVERS\hcw89.sys
    13:43:46.0188 7292 hcw89 - ok
    13:43:46.0220 7292 hcwAVD2 (b03080695738a3edcdc06a50712aaf8d) C:\Windows\system32\drivers\HCWUSB264.sys
    13:43:46.0222 7292 hcwAVD2 - ok
    13:43:46.0269 7292 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    13:43:46.0272 7292 HdAudAddService - ok
    13:43:46.0294 7292 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:43:46.0296 7292 HDAudBus - ok
    13:43:46.0329 7292 HH10Help.sys (62fb29642745dd290910bfd79537fce0) C:\Windows\system32\drivers\HH10Help.sys
    13:43:46.0329 7292 HH10Help.sys - ok
    13:43:46.0342 7292 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    13:43:46.0342 7292 HidBatt - ok
    13:43:46.0355 7292 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    13:43:46.0356 7292 HidBth - ok
    13:43:46.0368 7292 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    13:43:46.0369 7292 HidIr - ok
    13:43:46.0394 7292 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    13:43:46.0395 7292 HidUsb - ok
    13:43:46.0416 7292 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    13:43:46.0417 7292 HpSAMD - ok
    13:43:46.0442 7292 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    13:43:46.0446 7292 HTTP - ok
    13:43:46.0466 7292 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    13:43:46.0466 7292 hwpolicy - ok
    13:43:46.0478 7292 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    13:43:46.0479 7292 i8042prt - ok
    13:43:46.0519 7292 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    13:43:46.0521 7292 iaStorV - ok
    13:43:46.0562 7292 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    13:43:46.0565 7292 iirsp - ok
    13:43:46.0636 7292 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
    13:43:46.0639 7292 inspect - ok
    13:43:46.0741 7292 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
    13:43:46.0756 7292 IntcAzAudAddService - ok
    13:43:46.0769 7292 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    13:43:46.0770 7292 intelide - ok
    13:43:46.0807 7292 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    13:43:46.0808 7292 intelppm - ok
    13:43:46.0832 7292 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:43:46.0834 7292 IpFilterDriver - ok
    13:43:46.0856 7292 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    13:43:46.0859 7292 IPMIDRV - ok
    13:43:46.0872 7292 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    13:43:46.0873 7292 IPNAT - ok
    13:43:46.0895 7292 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    13:43:46.0896 7292 IRENUM - ok
    13:43:46.0908 7292 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    13:43:46.0909 7292 isapnp - ok
    13:43:46.0929 7292 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    13:43:46.0932 7292 iScsiPrt - ok
    13:43:46.0944 7292 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    13:43:46.0945 7292 kbdclass - ok
    13:43:46.0958 7292 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    13:43:46.0959 7292 kbdhid - ok
    13:43:46.0999 7292 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    13:43:47.0000 7292 KSecDD - ok
    13:43:47.0024 7292 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    13:43:47.0026 7292 KSecPkg - ok
    13:43:47.0038 7292 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    13:43:47.0039 7292 ksthunk - ok
    13:43:47.0098 7292 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    13:43:47.0099 7292 lltdio - ok
    13:43:47.0121 7292 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    13:43:47.0123 7292 LSI_FC - ok
    13:43:47.0135 7292 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    13:43:47.0137 7292 LSI_SAS - ok
    13:43:57.0368 7292 Suspicious service (NoAccess): vdrv1000
    13:43:57.0419 7292 vdrv1000 (7439dec2107430657350c8f2a20fe7cc) C:\Windows\system32\DRIVERS\vdrv1000.sys
    13:43:57.0425 7292 vdrv1000 ( LockedService.Multi.Generic ) - warning
    13:43:57.0426 7292 vdrv1000 - detected LockedService.Multi.Generic (1)
    13:44:01.0287 7292 ============================================================
    13:44:01.0287 7292 Scan finished
    13:44:01.0287 7292 ============================================================
    13:44:01.0298 7288 Detected object count: 1
    13:44:01.0298 7288 Actual detected object count: 1
    13:44:36.0939 7288 C:\Windows\system32\DRIVERS\vdrv1000.sys - copied to quarantine
    13:44:36.0940 7288 vdrv1000 ( LockedService.Multi.Generic ) - User select action: Quarantine
  4. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    OTL logfile created on: 2/3/2012 2:45:38 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
    64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 66.93% Memory free
    11.99 Gb Paging File | 8.61 Gb Available in Paging File | 71.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.00 Gb Total Space | 25.46 Gb Free Space | 25.46% Space Free | Partition Type: NTFS
    Drive D: | 1297.26 Gb Total Space | 204.43 Gb Free Space | 15.76% Space Free | Partition Type: NTFS
    Drive G: | 1397.26 Gb Total Space | 31.26 Gb Free Space | 2.24% Space Free | Partition Type: NTFS
    Drive H: | 1397.26 Gb Total Space | 44.17 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 52.36 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
    Drive J: | 1397.26 Gb Total Space | 14.05 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
    Drive K: | 1863.01 Gb Total Space | 104.70 Gb Free Space | 5.62% Space Free | Partition Type: NTFS

    Computer Name: HTPC1 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
    PRC - C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    PRC - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
    PRC - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\69bda21840366b9d2b39c0773eef560e\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ef5dfba3465d24562cb115ffa1dddf23\System.Web.Services.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\45459468ddc7fa0601c11e9f05a118f3\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a14ee8d37b4ad1dea0551b02562da9b9\System.EnterpriseServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\bc87888a4a9706c19a3ef793d5794f21\System.Transactions.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c7d8389b2312eccf213aae87b54142c2\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\840e10e14abb24d90c8872ac0d20a39f\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d3c7fa2f555a4fd425f3a8678812d71b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cb8e9167a840a91f6c3413de4500d938\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fff88e27c7ab0d637ec6a9ede21ccc0d\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\af22c117ed740773d0202057b37db0db\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ec9fb48d48efff299373f3153d3f3b6f\mscorlib.ni.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Browsers.mv0in0mr.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\c8c581bf\00e302b4_b7c3ca01\ZedGraph.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\7aaf326c\0097c7b8_b7c3ca01\ZedGraph.Web.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\acdab08c\0016ac8c_b7c3ca01\SnapStream.Registration.XmlSerializers.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\cd8143d1\00a8aaab_b7c3ca01\SpellChecker.Net.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\a4c661ee\0065a373_b7c3ca01\SharpZip.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\084c2ac3\00196878_b7c3ca01\Microsoft.Samples.Security.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\4835f7be\007b79aa_b7c3ca01\SlimMiscUtil.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\50620dd5\004b8cbd_b7c3ca01\BTVAuthentication.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\6409975c\000cf335_b8c3ca01\BTVNotifierManager.XmlSerializers.DLL ()
    MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SnapStream.Web\4.9.2.6525__0c24ea407914d741\SnapStream.Web.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNotifierManager.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SnapStream.DirectShow.Native.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAuthentication.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SlimMiscUtil.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SSWebServices2.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\ogg.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\zlibwapi.dll ()
  5. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    OTL #2

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV:64bit: - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
    SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
    SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (x10nets) -- C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
    DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
    DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
    DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
    DRV:64bit: - (ArcSec) -- C:\Windows\SysNative\drivers\ArcSec.sys ()
    DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AvsBluebird) -- C:\Windows\SysNative\drivers\bluebird64.sys (Dvico, Inc.)
    DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
    DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (hcw89) -- C:\Windows\SysNative\drivers\hcw89.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
    DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc)
    DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
    DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
    DRV:64bit: - (hcwAVD2) -- C:\Windows\SysNative\drivers\HCWUSB264.sys (Conexant Systems, Inc.)
    DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
    DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========
  6. Rev1979

    OTL #3

    < MD5 for: USERINIT.EXE >
    [2011/07/18 12:10:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows.old.000\Windows\SysWOW64\userinit.exe
    [2011/07/18 12:10:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
    [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
    [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
    [2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Windows.old\Windows\system32\userinit.exe
    [2011/07/18 12:11:35 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows.old.000\Windows\System32\userinit.exe
    [2011/07/18 12:11:35 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
  7. Rev1979

    OTL #5

    < MD5 for: WINLOGON.EXE >
    [2011/07/18 12:11:35 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows.old.000\Windows\System32\winlogon.exe
    [2011/07/18 12:11:35 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
    [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
    [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
    [2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
    [2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Windows.old\Windows\system32\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3440EB47
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:66633281
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:0888F409
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
  8. Rev1979

    EXTRAS

    OTL Extras logfile created on: 2/3/2012 2:45:38 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
    64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 66.93% Memory free
    11.99 Gb Paging File | 8.61 Gb Available in Paging File | 71.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.00 Gb Total Space | 25.46 Gb Free Space | 25.46% Space Free | Partition Type: NTFS
    Drive D: | 1297.26 Gb Total Space | 204.43 Gb Free Space | 15.76% Space Free | Partition Type: NTFS
    Drive G: | 1397.26 Gb Total Space | 31.26 Gb Free Space | 2.24% Space Free | Partition Type: NTFS
    Drive H: | 1397.26 Gb Total Space | 44.17 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 52.36 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
    Drive J: | 1397.26 Gb Total Space | 14.05 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
    Drive K: | 1863.01 Gb Total Space | 104.70 Gb Free Space | 5.62% Space Free | Partition Type: NTFS

    Computer Name: HTPC1 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V2.3.9
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "MediaInfo" = MediaInfo 0.7.53
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "TeraCopy_is1" = TeraCopy 2.12
    "WinRAR archiver" = WinRAR archiver
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0299DF57-FF2E-42C6-A4D7-9480E537D191}" = Pinnacle Creative Pack Volume 2
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
    "{15663E2F-4C49-4949-9490-8806050654E0}" = Avid Studio Bonus Content
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{2A7A2022-4FA3-4FA4-898B-83311B704D31}" = Avid Studio Registration Freebie - Adorage Vol. 11 Selection
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
    "{2E6198AB-7371-4EF1-9506-D30CF94AB5C6}" = VOB2MPG PRO
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
    "{41DA03AC-71BF-4725-AD26-FC4070B0F0A9}" = My Movies for Windows Media Center
    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
    "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A519E1D-44B8-4DC9-BC30-552C68D41C01}" = Avid Studio Plugins
    "{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74E5BA31-CB34-4388-BC7F-91DC8830AABC}" = ScoreFitter Volume 2
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78D2B9D0-E680-4295-9830-6B23397B4746}_is1" = NetTransport 2.96c.620
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}" = Pinnacle Creative Pack Volume 1
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DCBDF08-F1C0-4935-A958-9501384FC528}" = ScoreFitter Volume 1
    "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
    "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2
    "{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B35DC076-CEF2-4631-9EF7-45380E27C841}" = Avid Studio
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
    "{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
    "{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}" = Visual Studio 2005 Redist Package
    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F14B48AA-FB25-4CAF-9B75-1B9F066ECFEB}" = Studio Premium Pack 1
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced SystemCare 5_is1" = Advanced SystemCare 5
    "Aimersoft Media Converter_is1" = Aimersoft Media Converter(Build 1.4.2.1)
    "AnalogX MaxMem" = AnalogX MaxMem
    "Any Video Converter_is1" = Any Video Converter 3.3.3
    "AnyDVD" = AnyDVD
    "Applian Director2.1" = Applian Director
    "AudibleManager" = AudibleManager
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "Belarc Advisor" = Belarc Advisor 8.2
    "Beyond TV" = SnapStream Beyond TV 4.9.2
    "COD Training_is1" = Getting Started with Avid Studio MULTILINGUAL
    "Comodo Dragon" = Comodo Dragon
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "DVDFab 8 Qt_is1" = DVDFab 8.0.9.0 (09/05/2011) Qt
    "ExpressBurn" = Express Burn Disc Burning Software
    "ExpressRip" = Express Rip
    "Firefly" = Snapstream Firefly 1.2.1.916
    "Firefly Mini" = SnapStream Firefly Mini 1.0.2
    "Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "IObit Malware Fighter_is1" = IObit Malware Fighter
    "Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
    "Magic Bullet Looks Studio" = Magic Bullet Looks Studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MixPad" = MixPad Audio Mixer
    "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
    "Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
    "NewBlue Video Essentials Pinnacle Special 2" = NewBlue Video Essentials Special for Studio
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "Prism" = Prism Video File Converter
    "proDAD-Mercalli-1.0" = proDAD Mercalli 1.0
    "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
    "Red Giant ToonIt Studio" = Red Giant ToonIt Studio
    "RegAceSystem Suite" = RegAce
    "Replay Video Capture4.2" = Replay Video Capture
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "Smart Defrag 2_is1" = Smart Defrag 2
    "stax-Pinnacle_is1" = SureThing Express Labeler
    "Switch" = Switch Sound File Converter
    "Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
    "Trapcode Particular Studio" = Trapcode Particular Studio
    "Trapcode Shine Studio" = Trapcode Shine Studio
    "VideoReDo4_is1" = VideoReDo TVSuite Version 4.20.7.629
    "VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.20.2.616
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.1.11
    "WavePad" = WavePad Sound Editor
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  9. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    need anything else?
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Thank you for your patience:
    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3440EB47
      @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:66633281
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:0888F409
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TempFC5A2B2
      :Reg
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      helpfile [open] -- Reg Error: Key error.
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      Folder [explore] -- Reg Error: Value error.
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      helpfile [open] -- Reg Error: Key error.
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ============================
    I did not include this in the above. But I recommend that you uninstall it. We do not recommend a registry cleaner to anyone. The risks far outreach any benefit:
    Advanced System Care 5
    =============================
    See if you notice any improvement after running this.
  11. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    Cannot run OTL, keeps locking up with error message in the window.
  12. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    rebooted and ran scan anyway

    results

    OTL logfile created on: 2/7/2012 5:30:40 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
    64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 72.08% Memory free
    11.99 Gb Paging File | 9.92 Gb Available in Paging File | 82.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.00 Gb Total Space | 38.01 Gb Free Space | 38.01% Space Free | Partition Type: NTFS
    Drive D: | 1297.26 Gb Total Space | 204.78 Gb Free Space | 15.79% Space Free | Partition Type: NTFS
    Drive G: | 1397.26 Gb Total Space | 31.26 Gb Free Space | 2.24% Space Free | Partition Type: NTFS
    Drive H: | 1397.26 Gb Total Space | 44.17 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 52.36 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
    Drive J: | 1397.26 Gb Total Space | 14.05 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
    Drive K: | 1863.01 Gb Total Space | 86.92 Gb Free Space | 4.67% Space Free | Partition Type: NTFS
    Drive L: | 931.51 Gb Total Space | 181.77 Gb Free Space | 19.51% Space Free | Partition Type: NTFS

    Computer Name: HTPC1 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
    PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\DelayLoad.exe (IObit)
    PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
    PRC - C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    PRC - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
    PRC - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\69bda21840366b9d2b39c0773eef560e\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ef5dfba3465d24562cb115ffa1dddf23\System.Web.Services.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\45459468ddc7fa0601c11e9f05a118f3\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a14ee8d37b4ad1dea0551b02562da9b9\System.EnterpriseServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\bc87888a4a9706c19a3ef793d5794f21\System.Transactions.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c7d8389b2312eccf213aae87b54142c2\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\840e10e14abb24d90c8872ac0d20a39f\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d3c7fa2f555a4fd425f3a8678812d71b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cb8e9167a840a91f6c3413de4500d938\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fff88e27c7ab0d637ec6a9ede21ccc0d\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\af22c117ed740773d0202057b37db0db\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ec9fb48d48efff299373f3153d3f3b6f\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl ()
    MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl ()
    MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\ogg.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
    SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
    SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (x10nets) -- C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
    DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
    DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
    DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
    DRV:64bit: - (ArcSec) -- C:\Windows\SysNative\drivers\ArcSec.sys ()
    DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AvsBluebird) -- C:\Windows\SysNative\drivers\bluebird64.sys (Dvico, Inc.)
    DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
    DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (hcw89) -- C:\Windows\SysNative\drivers\hcw89.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
    DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc)
    DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
    DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
    DRV:64bit: - (hcwAVD2) -- C:\Windows\SysNative\drivers\HCWUSB264.sys (Conexant Systems, Inc.)
    DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
    DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 5E 85 F9 EB E1 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "ESV Bible"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.entru.com/?s=1109"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
    FF - prefs.js..extensions.enabledItems: bandwidthmeter@gotomyhelp.com:1.2.5
    FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5
    FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
    FF - prefs.js..extensions.enabledItems: {A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}:2.1.73
    FF - prefs.js..extensions.enabledItems: {04514a2c-a3ab-4f47-8688-55f911b0fe75}:0.4.1
    FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {2990C60B-0C93-496e-90F6-176E68895AF6}:0.5
    FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.3
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
    FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
    FF - prefs.js..extensions.enabledItems: {05f6a7ea-896b-11da-8bde-f66bad1e3f3a}:0.3.1
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
    FF - prefs.js..extensions.enabledItems: {39952c40-5197-11da-8cd6-0800200c9a66}:0.5.3
    FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
    FF - prefs.js..extensions.enabledItems: {7C9AE782-DB21-4e40-81FB-AD8A53A6233A}:1.83
    FF - prefs.js..extensions.enabledItems: {8ca8ec90-9bf3-11da-a746-0800200c9a66}:0.2.2
    FF - prefs.js..extensions.enabledItems: {926a10d2-4ce7-4331-b96f-ca4e22590fac}:5.45.3.3629
    FF - prefs.js..extensions.enabledItems: {d9a65dd1-419b-4419-bba8-15fd1aec456a}:0.6.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: sdtools@sharedir.com:1.1
    FF - prefs.js..extensions.enabledItems: mgDownloadHelper@yevgenyandrov.net:1.0.2
    FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/02 17:37:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.18\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/06 15:28:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2011/07/21 19:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2011/07/21 19:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/02/02 15:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions
    [2012/01/27 12:25:36 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2011/07/21 20:01:10 | 000,000,000 | ---D | M] (Map This) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3f3a}
    [2011/07/21 20:01:10 | 000,000,000 | ---D | M] ("Sourceforge Direct Download") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05ff5280-47e6-11da-8cd6-0800200c9a66}
    [2012/01/27 12:25:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] ("Form History Manager") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1C609C49-F3A1-4f18-8C5E-BFBB6B5BC15D}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Print Image) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{2990C60B-0C93-496e-90F6-176E68895AF6}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] ("Forecastbar Enhanced") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Duplicate Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] ("Copy Plain Text") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (SlimSearch) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{8ca8ec90-9bf3-11da-a746-0800200c9a66}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
    [2012/01/27 12:25:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Bookmarks Menu Button) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{d9a65dd1-419b-4419-bba8-15fd1aec456a}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Bandwidth Meter and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\bandwidthmeter@gotomyhelp.com
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (MegaUpload DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\mgDownloadHelper@yevgenyandrov.net
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\noia2_option@kk.noia
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (RapidShare DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\rsDownloadHelper@yevgenyandrov.net
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\speedtest@gotomyhelp.com
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\tabkit@jomel.me.uk
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
    [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
    [2012/02/03 17:56:20 | 000,001,218 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\comcast.xml
    [2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
    [2010/01/14 07:33:56 | 000,002,055 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\daemon-search.xml
    [2012/02/06 11:59:37 | 000,001,489 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\esv-bible.xml
    [2011/03/07 19:48:01 | 000,000,941 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\filestubecom-software.xml
    [2012/02/02 17:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{04514A2C-A3AB-4F47-8688-55F911B0FE75}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{39952C40-5197-11DA-8CD6-0800200C9A66}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{5E594888-3E8E-47DA-B2C6-B0B545112F84}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
    [2012/01/29 10:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2004/08/20 14:53:30 | 000,173,715 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
    O1 - Hosts: 127.0.0.1 abcsearch.com
    O1 - Hosts: 127.0.0.1 admin.abcsearch.com
    O1 - Hosts: 127.0.0.1 www3.abcsearch.com #[Browseraid]
    O1 - Hosts: 127.0.0.1 www.abcsearch.com
    O1 - Hosts: 127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
    O1 - Hosts: 127.0.0.1 acestats.com
    O1 - Hosts: 127.0.0.1 www.acestats.com
    O1 - Hosts: 127.0.0.1 actualnames.com #[Parasite.ActualNames]
    O1 - Hosts: 127.0.0.1 www.actualnames.com
    O1 - Hosts: 127.0.0.1 ad-up.com
    O1 - Hosts: 127.0.0.1 www.ad-up.com
    O1 - Hosts: 127.0.0.1 adatom.com
    O1 - Hosts: 127.0.0.1 aesp.adatom.com
    O1 - Hosts: 127.0.0.1 adbest.com
    O1 - Hosts: 127.0.0.1 adserv.adbonus.com
    O1 - Hosts: 127.0.0.1 www.adbonus.com
    O1 - Hosts: 127.0.0.1 www.adblaster2.info #[Restricted Zone site]
    O1 - Hosts: 127.0.0.1 ad2.adcept.net
    O1 - Hosts: 127.0.0.1 ad3.adcept.net
    O1 - Hosts: 127.0.0.1 www.adcept.net
    O1 - Hosts: 127.0.0.1 adcomplete.com
    O1 - Hosts: 127.0.0.1 www.adcomplete.com
    O1 - Hosts: 127.0.0.1 www.adcopy.info
    O1 - Hosts: 4891 more lines...
    O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll (Xi)
    O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [My Movies Tray] C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
    O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxMem.lnk = C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
    O8:64bit: - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/07/19 08:21:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/02/14 23:53:50 | 000,000,027 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  13. Rev1979

    OTL.txt #2

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/07 15:49:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/03 18:48:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/02/03 14:42:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/02/03 13:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
    [2012/02/02 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\RegAce
    [2012/02/02 18:39:17 | 000,000,000 | ---D | C] -- C:\Windows\RegAce
    [2012/02/02 17:22:28 | 000,799,880 | ---- | C] (Crawler.com ) -- C:\Users\Owner\Desktop\SpywareTerminatorSetup.exe
    [2012/02/02 17:19:08 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/02/02 17:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/02/02 17:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/02/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/02/02 16:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/02/02 16:21:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/02 16:20:58 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
    [2012/02/02 15:51:54 | 015,795,464 | ---- | C] (Mozilla) -- C:\Users\Owner\Desktop\Firefox Setup 10.0.exe
    [2012/02/02 15:00:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Threat Expert
    [2012/02/02 14:42:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0208.old
    [2012/02/02 14:42:34 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0208.old
    [2012/02/02 14:38:12 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/02/02 14:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/02/02 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/02/02 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/02/02 14:37:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TestApp
    [2012/02/02 14:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binnerup Consult
    [2012/02/02 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
    [2012/02/02 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/02/02 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/02/02 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 4.01 Build 2
    [2012/02/02 12:28:04 | 003,834,832 | ---- | C] (PC Tools) -- C:\Users\Owner\Desktop\sdsetup.exe
    [2012/02/02 12:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2012/02/02 12:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
    [2012/02/02 11:58:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    [2012/02/02 11:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/02/02 11:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/02/02 11:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
    [2012/02/02 10:34:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer
    [2012/02/01 19:05:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/01 16:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/02/01 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/01 13:47:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/01 13:47:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2012/02/01 13:34:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/01 13:34:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/01 13:34:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/01 13:34:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    [2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoReDoTVSuite4
    [2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
    [2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
    [2012/01/29 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AnvSoft
    [2012/01/28 19:02:20 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/01/28 19:02:19 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
    [2012/01/28 19:02:19 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
    [2012/01/28 19:02:19 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2012/01/28 19:02:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2012/01/28 19:02:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2012/01/28 18:56:44 | 000,000,000 | ---D | C] -- C:\Hauppauge
    [2012/01/28 18:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
    [2012/01/28 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
    [2012/01/28 14:18:54 | 000,000,000 | ---D | C] -- D:\Documents\NetXfer
    [2012/01/28 14:16:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xi
    [2012/01/28 14:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xi
    [2012/01/28 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xi
    [2012/01/28 13:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Hensense.com
    [2012/01/28 13:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hensence.com
    [2012/01/28 12:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetFLV
    [2012/01/28 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Moyea
    [2012/01/28 12:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
    [2012/01/28 12:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/01/28 12:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2012/01/28 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    [2012/01/28 12:12:46 | 000,000,000 | ---D | C] -- D:\Documents\Freemake
    [2012/01/28 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
    [2012/01/28 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FDRLab
    [2012/01/28 10:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownloadToolz
    [2012/01/28 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\.streamCapture
    [2012/01/28 09:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
    [2012/01/27 20:21:41 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/01/27 20:21:40 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2012/01/27 20:21:39 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2012/01/27 20:21:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2012/01/27 20:21:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/01/27 20:21:38 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/01/27 20:21:38 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/01/27 20:21:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/01/27 20:21:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2012/01/27 20:21:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/01/27 20:21:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/01/27 20:21:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2012/01/27 20:21:36 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2012/01/27 20:21:36 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2012/01/27 20:21:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2012/01/27 20:21:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2012/01/27 20:21:07 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012/01/27 20:21:07 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012/01/27 20:21:06 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012/01/27 20:21:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012/01/27 20:21:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012/01/27 20:21:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/01/27 20:21:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012/01/27 20:21:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012/01/27 20:21:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012/01/27 20:21:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012/01/27 20:21:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012/01/27 20:21:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/01/27 20:21:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/01/27 20:21:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/01/27 20:21:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/01/27 20:21:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/01/27 20:21:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012/01/27 20:21:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/01/27 20:21:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012/01/27 20:21:00 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
    [2012/01/27 20:20:59 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
    [2012/01/27 20:20:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
    [2012/01/27 20:20:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
    [2012/01/27 20:20:59 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
    [2012/01/27 20:20:59 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
    [2012/01/27 20:20:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
    [2012/01/27 20:20:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
    [2012/01/27 20:20:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
    [2012/01/27 20:20:58 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
    [2012/01/27 20:20:54 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
    [2012/01/27 20:20:54 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
    [2012/01/27 20:20:54 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/01/27 20:20:54 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2012/01/27 20:20:52 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
    [2012/01/27 20:20:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
    [2012/01/27 20:20:50 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
    [2012/01/27 20:20:50 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
    [2012/01/27 20:20:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
    [2012/01/27 20:20:50 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
    [2012/01/27 20:20:50 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
    [2012/01/27 20:20:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
    [2012/01/27 20:20:49 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
    [2012/01/27 20:20:49 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
    [2012/01/27 20:20:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
    [2012/01/27 20:20:46 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/01/27 20:20:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/01/27 20:20:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
    [2012/01/27 20:20:42 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
    [2012/01/27 20:20:42 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
    [2012/01/27 20:18:48 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/01/27 20:18:47 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/01/27 20:18:47 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/01/27 20:18:44 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2012/01/27 20:16:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2012/01/27 20:16:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
    [2012/01/27 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpexplorer
    [2012/01/27 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpdump-2.4
    [2012/01/27 20:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 3.21
    [2012/01/27 14:40:28 | 000,257,784 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
    [2012/01/27 14:40:28 | 000,175,864 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
    [2012/01/27 14:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
    [2012/01/27 14:40:25 | 000,566,008 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturing.dll
    [2012/01/27 14:40:25 | 000,421,624 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
    [2012/01/27 14:40:25 | 000,361,720 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturingFilter.dll
    [2012/01/27 14:40:25 | 000,231,672 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutVideoMixerFilter.dll
    [2012/01/27 14:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
    [2012/01/27 14:05:41 | 000,000,000 | ---D | C] -- D:\Documents\Streaming Video Recorder
    [2012/01/27 14:05:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/01/27 14:01:51 | 000,029,288 | -H-- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys
    [2012/01/27 14:01:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apowersoft
    [2012/01/27 10:42:10 | 000,000,000 | ---D | C] -- C:\Windows\Applian Director
    [2012/01/27 10:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Director
    [2012/01/27 10:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay Video Capture
    [2012/01/24 16:11:11 | 000,000,000 | ---D | C] -- D:\Documents\Moyea
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/07 17:28:24 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/07 17:28:24 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/07 17:25:21 | 000,798,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/07 17:25:21 | 000,675,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/07 17:25:21 | 000,126,088 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/07 17:20:55 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
    [2012/02/07 17:19:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/07 17:19:28 | 534,941,695 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/05 03:00:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RegAce Scheduled Scan - Owner.job
    [2012/02/03 19:10:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/02/03 14:42:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/02/03 11:30:43 | 001,008,141 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.com
    [2012/02/03 10:31:19 | 002,040,543 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2012/02/03 10:29:46 | 001,008,141 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.scr
    [2012/02/03 10:29:21 | 000,000,335 | ---- | M] () -- C:\Users\Owner\Desktop\FixExe.reg
    [2012/02/03 10:25:15 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\h7ikfgyy.exe
    [2012/02/02 23:25:56 | 000,000,017 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/02/02 19:34:25 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
    [2012/02/02 17:38:26 | 000,001,167 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/02 17:22:33 | 000,799,880 | ---- | M] (Crawler.com ) -- C:\Users\Owner\Desktop\SpywareTerminatorSetup.exe
    [2012/02/02 17:19:19 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/02/02 16:27:19 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
    [2012/02/02 16:20:58 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
    [2012/02/02 15:52:18 | 015,795,464 | ---- | M] (Mozilla) -- C:\Users\Owner\Desktop\Firefox Setup 10.0.exe
    [2012/02/02 14:38:40 | 001,519,975 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/02/02 13:59:44 | 000,017,920 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/02 12:28:36 | 003,834,832 | ---- | M] (PC Tools) -- C:\Users\Owner\Desktop\sdsetup.exe
    [2012/02/02 10:33:57 | 000,294,216 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.zip
    [2012/02/01 16:39:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/01 16:39:48 | 000,812,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/30 15:05:15 | 000,001,547 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/29 17:16:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/01/28 18:57:20 | 000,000,658 | ---- | M] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
    [2012/01/28 12:47:06 | 037,665,066 | ---- | M] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
    [2012/01/28 11:25:20 | 000,417,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/01/28 11:12:40 | 054,363,179 | ---- | M] () -- D:\Documents\kehrcjeu.flv
    [2012/01/28 09:43:17 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/01/27 20:03:31 | 000,000,228 | ---- | M] () -- C:\Users\Owner\.swfinfo
    [2012/01/27 17:40:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/01/23 17:31:48 | 000,002,034 | -H-- | M] () -- D:\Documents\Default.rdp
    [2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    [2012/01/16 16:28:50 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll0208.old
    [2012/01/16 16:28:48 | 002,246,608 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0208.old
    [2012/01/16 16:28:28 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll0208.old
    [2012/01/11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/03 11:30:42 | 001,008,141 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.com
    [2012/02/03 10:31:12 | 002,040,543 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2012/02/03 10:29:43 | 001,008,141 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.scr
    [2012/02/03 10:29:19 | 000,000,335 | ---- | C] () -- C:\Users\Owner\Desktop\FixExe.reg
    [2012/02/03 10:25:07 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\h7ikfgyy.exe
    [2012/02/02 23:25:56 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/02/02 19:34:25 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
    [2012/02/02 18:39:37 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\RegAce Scheduled Scan - Owner.job
    [2012/02/02 17:38:26 | 000,001,167 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/02 17:37:44 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/02 16:27:19 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
    [2012/02/02 14:42:37 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0208.old
    [2012/02/02 14:38:21 | 001,519,975 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/02/02 12:11:26 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/02/02 10:33:54 | 000,294,216 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.zip
    [2012/02/01 16:39:43 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/01 13:34:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/01 13:34:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/01 13:34:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/01 13:34:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/01 13:34:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/30 15:05:15 | 000,001,547 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/29 17:16:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2012/01/28 18:57:19 | 000,000,658 | ---- | C] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
    [2012/01/28 12:46:47 | 037,665,066 | ---- | C] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
    [2012/01/28 11:01:50 | 054,363,179 | ---- | C] () -- D:\Documents\kehrcjeu.flv
    [2012/01/28 09:43:17 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/01/27 20:03:31 | 000,000,228 | ---- | C] () -- C:\Users\Owner\.swfinfo
    [2012/01/27 14:40:28 | 000,376,432 | -H-- | C] () -- C:\Windows\SysWow64\x86.zip
    [2012/01/23 15:27:07 | 155,893,257 | ---- | C] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:50:24 | 158,110,986 | ---- | C] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    [2011/07/27 19:49:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
    [2011/07/27 18:36:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
    [2011/07/27 13:19:23 | 000,017,920 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/26 15:30:24 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
    [2011/07/26 15:30:23 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
    [2011/07/26 15:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
    [2011/07/26 10:01:44 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
    [2011/07/26 10:01:44 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
    [2011/07/24 12:14:54 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/07/24 12:09:26 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2011/07/23 09:17:28 | 000,812,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/21 19:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/07/20 15:44:12 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
    [2011/07/20 13:28:49 | 000,000,387 | ---- | C] () -- C:\Windows\HCWBlast.ini
    [2011/07/20 13:28:35 | 000,035,344 | ---- | C] () -- C:\Windows\Irremote.ini
    [2011/07/20 12:30:01 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
    [2011/07/20 12:30:01 | 000,000,483 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/07/20 12:30:01 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/07/20 12:29:11 | 000,003,120 | ---- | C] () -- C:\Windows\HCWPNP.INI
    [2011/07/20 12:07:20 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2011/07/20 11:55:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2011/07/19 13:28:59 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\uuirtdrv.dll
    [2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
    [2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
     
  14. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    still have Firefox redirect from Google.com to search.entru.com/?s=1109
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please note: I will be Offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please uninstall the following:

    1. RegAce>> registry cleaner
    2. Advanced System Care>> registry cleaner, optimizer
    (We do not recommend registry cleaners to anyone. The risk is greater than any small benefit, if any.)
    3. Hitman Pro >> this program is a bundle of programs that are all free on the internet. The scam is that those free programs are fully functional on the internet, but Hitman Pro will only remove entries in the trial period. After that you have to pay for the program.
    After the uninstall, please use Windows Explorer to access Computer> Local Drive (C)> Programs> Find program for each program you uninstalled and do a right click> delete to remove it.
    ====================================
    Did you do an upgrade or reinstall and save some folders? There are several with the .old extension> examples:
    There are documents on the D Drive I cannot identify:
    [2012/01/28 11:12:40 | 054,363,179 | ---- | M] () -- D:\Documents\kehrcjeu.flv
    [2012/01/23 17:31:48 | 000,002,034 |-H-- | M] () -- D:\Documents\Default.rdp>> hidden file
    [2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    ======================================
    A comment: You have 8 drives/partitions. There are 44 extensions on Firefox. It appears that you have excess processes running.
    A recommendation: Remove the 'old' files and folders, remove some of the extensions on Firefox, uncheck the processes you don't need to start on boot using the msconfig utility to access the startup Menu, review the installed programs and apps and remove any you are not using.
    ======================================
    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
      FF - prefs.js..browser.startup.homepage: "http://search.entru.com/?s=1109"
      [2011/07/21 19:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
      [2011/07/21 19:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
      [2012/02/02 15:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions
      [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
      [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
      [2012/02/02 17:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{04514A2C-A3AB-4F47-8688-55F911B0FE75}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{39952C40-5197-11DA-8CD6-0800200C9A66}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{5E594888-3E8E-47DA-B2C6-B0B545112F84}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
      () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EX TENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O18:64bit: - Protocol\Handler\belarc - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
      [2012/02/02 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\RegAce
      [2012/02/02 18:39:17 | 000,000,000 | ---D | C] -- C:\Windows\RegAce
      [2012/02/02 17:22:28 | 000,799,880 | ---- | C] (Crawler.com ) -- C:\Users\Owner\Desktop\SpywareTerminatorSetup.exe
      [2012/02/02 16:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
      [2012/02/02 16:21:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
      [2012/02/07 17:28:24 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/02/07 17:28:24 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/02/07 17:25:21 | 000,798,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/02/07 17:25:21 | 000,675,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/02/07 17:25:21 | 000,126,088 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =========================================
    Please run the fix above. Reboot the computer. Try Combofix again:
    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode. If it won't run, go on to #2.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    3. See which one of the following runs. You do not need to download all three versions:
    This is a slight variation on the RKill:
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, add the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    (Directions courtesy bleeping computer)

    4. With both RKill and exehelper on board:
    Go right to the renamed (Combofix) and double click on friday.exe to run
    If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

    If successful, please leave RKill, Exehelper and Combofix logs.
  17. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    OTL #1

    OTL logfile created on: 2/11/2012 6:33:12 PM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
    64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 3.47 Gb Available Physical Memory | 57.90% Memory free
    11.99 Gb Paging File | 8.63 Gb Available in Paging File | 71.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.00 Gb Total Space | 38.26 Gb Free Space | 38.26% Space Free | Partition Type: NTFS
    Drive D: | 1297.26 Gb Total Space | 204.83 Gb Free Space | 15.79% Space Free | Partition Type: NTFS
    Drive G: | 1397.26 Gb Total Space | 31.26 Gb Free Space | 2.24% Space Free | Partition Type: NTFS
    Drive H: | 1397.26 Gb Total Space | 44.17 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 52.36 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
    Drive J: | 1397.26 Gb Total Space | 14.05 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
    Drive K: | 1863.01 Gb Total Space | 167.84 Gb Free Space | 9.01% Space Free | Partition Type: NTFS
    Drive L: | 931.51 Gb Total Space | 181.77 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: HTPC1 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    PRC - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
    PRC - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
    PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Web_pvdjsdue.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Web_mwlhbx8c.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Web_ald0jnkv.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Web_bzb6xevi.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\69bda21840366b9d2b39c0773eef560e\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ef5dfba3465d24562cb115ffa1dddf23\System.Web.Services.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3863393759481b90e735f669f1e822a9\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\45459468ddc7fa0601c11e9f05a118f3\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a14ee8d37b4ad1dea0551b02562da9b9\System.EnterpriseServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\bc87888a4a9706c19a3ef793d5794f21\System.Transactions.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c7d8389b2312eccf213aae87b54142c2\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\840e10e14abb24d90c8872ac0d20a39f\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d3c7fa2f555a4fd425f3a8678812d71b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cb8e9167a840a91f6c3413de4500d938\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fff88e27c7ab0d637ec6a9ede21ccc0d\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\af22c117ed740773d0202057b37db0db\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ec9fb48d48efff299373f3153d3f3b6f\mscorlib.ni.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Browsers.mv0in0mr.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\c8c581bf\00e302b4_b7c3ca01\ZedGraph.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\7aaf326c\0097c7b8_b7c3ca01\ZedGraph.Web.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\acdab08c\0016ac8c_b7c3ca01\SnapStream.Registration.XmlSerializers.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\cd8143d1\00a8aaab_b7c3ca01\SpellChecker.Net.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\a4c661ee\0065a373_b7c3ca01\SharpZip.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\084c2ac3\00196878_b7c3ca01\Microsoft.Samples.Security.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\4835f7be\007b79aa_b7c3ca01\SlimMiscUtil.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\50620dd5\004b8cbd_b7c3ca01\BTVAuthentication.DLL ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\assembly\dl3\6409975c\000cf335_b8c3ca01\BTVNotifierManager.XmlSerializers.DLL ()
    MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SnapStream.Web\4.9.2.6525__0c24ea407914d741\SnapStream.Web.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNotifierManager.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SnapStream.DirectShow.Native.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAuthentication.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SlimMiscUtil.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SSWebServices2.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
    MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
    MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\ogg.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\zlibwapi.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
    SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
    SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
    SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    SRV - (x10nets) -- C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
    DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
    DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
    DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
    DRV:64bit: - (ArcSec) -- C:\Windows\SysNative\drivers\ArcSec.sys ()
    DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AvsBluebird) -- C:\Windows\SysNative\drivers\bluebird64.sys (Dvico, Inc.)
    DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
    DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (hcw89) -- C:\Windows\SysNative\drivers\hcw89.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
    DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc)
    DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
    DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
    DRV:64bit: - (hcwAVD2) -- C:\Windows\SysNative\drivers\HCWUSB264.sys (Conexant Systems, Inc.)
    DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
    DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 5E 85 F9 EB E1 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.selectedEngine: "ESV Bible"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
    FF - prefs.js..extensions.enabledItems: bandwidthmeter@gotomyhelp.com:1.2.5
    FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5
    FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
    FF - prefs.js..extensions.enabledItems: {A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}:2.1.73
    FF - prefs.js..extensions.enabledItems: {04514a2c-a3ab-4f47-8688-55f911b0fe75}:0.4.1
    FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {2990C60B-0C93-496e-90F6-176E68895AF6}:0.5
    FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.3
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
    FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
    FF - prefs.js..extensions.enabledItems: {05f6a7ea-896b-11da-8bde-f66bad1e3f3a}:0.3.1
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
    FF - prefs.js..extensions.enabledItems: {39952c40-5197-11da-8cd6-0800200c9a66}:0.5.3
    FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
    FF - prefs.js..extensions.enabledItems: {7C9AE782-DB21-4e40-81FB-AD8A53A6233A}:1.83
    FF - prefs.js..extensions.enabledItems: {8ca8ec90-9bf3-11da-a746-0800200c9a66}:0.2.2
    FF - prefs.js..extensions.enabledItems: {926a10d2-4ce7-4331-b96f-ca4e22590fac}:5.45.3.3629
    FF - prefs.js..extensions.enabledItems: {d9a65dd1-419b-4419-bba8-15fd1aec456a}:0.6.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: sdtools@sharedir.com:1.1
    FF - prefs.js..extensions.enabledItems: mgDownloadHelper@yevgenyandrov.net:1.0.2
    FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/11 09:39:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.18\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/06 15:28:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2012/02/11 18:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2012/02/10 19:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions
    [2012/01/27 12:25:36 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2011/07/21 20:01:10 | 000,000,000 | ---D | M] (Map This) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3f3a}
    [2011/07/21 20:01:10 | 000,000,000 | ---D | M] ("Sourceforge Direct Download") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05ff5280-47e6-11da-8cd6-0800200c9a66}
    [2012/01/27 12:25:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] ("Form History Manager") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1C609C49-F3A1-4f18-8C5E-BFBB6B5BC15D}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Print Image) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{2990C60B-0C93-496e-90F6-176E68895AF6}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] ("Forecastbar Enhanced") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Duplicate Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] ("Copy Plain Text") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (SlimSearch) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{8ca8ec90-9bf3-11da-a746-0800200c9a66}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
    [2012/01/27 12:25:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Bookmarks Menu Button) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{d9a65dd1-419b-4419-bba8-15fd1aec456a}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Bandwidth Meter and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\bandwidthmeter@gotomyhelp.com
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (MegaUpload DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\mgDownloadHelper@yevgenyandrov.net
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\noia2_option@kk.noia
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (RapidShare DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\rsDownloadHelper@yevgenyandrov.net
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\speedtest@gotomyhelp.com
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\tabkit@jomel.me.uk
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
    [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
    [2012/02/10 19:51:00 | 000,001,218 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\comcast.xml
    [2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
    [2010/01/14 07:33:56 | 000,002,055 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\daemon-search.xml
    [2012/02/06 11:59:37 | 000,001,489 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\esv-bible.xml
    [2011/03/07 19:48:01 | 000,000,941 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\filestubecom-software.xml
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{04514A2C-A3AB-4F47-8688-55F911B0FE75}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{39952C40-5197-11DA-8CD6-0800200C9A66}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{5E594888-3E8E-47DA-B2C6-B0B545112F84}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
    [2012/02/11 09:39:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
  18. Rev1979

    OTL #2

    O1 HOSTS File: ([2012/02/11 18:20:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll (Xi)
    O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [My Movies Tray] C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKCU..\Run: [EPSON Artisan 810 (Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "D:\Temp\E_SCD2A.tmp" /EF "HKCU" File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxMem.lnk = C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
    O8:64bit: - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/07/19 08:21:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/02/14 23:53:50 | 000,000,027 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/11 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Epson
    [2012/02/11 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nanoPEG for WinTV
    [2012/02/11 15:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nanoPEG for WinTV
    [2012/02/11 15:46:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
    [2012/02/11 10:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
    [2012/02/11 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2012/02/11 10:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
    [2012/02/11 09:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2012/02/11 09:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2012/02/11 09:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2012/02/11 09:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2012/02/11 09:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2012/02/10 19:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2012/02/10 19:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/10 19:46:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2012/02/10 19:46:37 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/02/07 15:49:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/03 14:42:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/02/03 13:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
    [2012/02/02 17:19:08 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/02/02 17:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/02/02 17:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/02/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/02/02 16:20:58 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
    [2012/02/02 15:00:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Threat Expert
    [2012/02/02 14:42:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0208.old
    [2012/02/02 14:42:34 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0208.old
    [2012/02/02 14:38:12 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/02/02 14:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/02/02 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/02/02 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/02/02 14:37:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TestApp
    [2012/02/02 14:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binnerup Consult
    [2012/02/02 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
    [2012/02/02 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/02/02 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/02/02 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 4.01 Build 2
    [2012/02/02 12:28:04 | 003,834,832 | ---- | C] (PC Tools) -- C:\Users\Owner\Desktop\sdsetup.exe
    [2012/02/02 12:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2012/02/02 11:58:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    [2012/02/02 11:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/02/02 11:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/02/02 10:34:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer
    [2012/02/01 19:05:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/01 16:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/02/01 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/01 13:47:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/01 13:47:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2012/02/01 13:34:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/01 13:34:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/01 13:34:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/01 13:34:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    [2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoReDoTVSuite4
    [2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
    [2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
    [2012/01/29 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AnvSoft
    [2012/01/28 18:56:44 | 000,000,000 | ---D | C] -- C:\Hauppauge
    [2012/01/28 18:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
    [2012/01/28 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
    [2012/01/28 14:18:54 | 000,000,000 | ---D | C] -- D:\Documents\NetXfer
    [2012/01/28 14:16:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xi
    [2012/01/28 14:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xi
    [2012/01/28 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xi
    [2012/01/28 13:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Hensense.com
    [2012/01/28 12:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetFLV
    [2012/01/28 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Moyea
    [2012/01/28 12:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
    [2012/01/28 12:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/01/28 12:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2012/01/28 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    [2012/01/28 12:12:46 | 000,000,000 | ---D | C] -- D:\Documents\Freemake
    [2012/01/28 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
    [2012/01/28 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FDRLab
    [2012/01/28 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\.streamCapture
    [2012/01/28 09:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
    [2012/01/27 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpexplorer
    [2012/01/27 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpdump-2.4
    [2012/01/27 20:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 3.21
    [2012/01/27 14:40:28 | 000,257,784 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
    [2012/01/27 14:40:28 | 000,175,864 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
    [2012/01/27 14:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
    [2012/01/27 14:40:25 | 000,566,008 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturing.dll
    [2012/01/27 14:40:25 | 000,421,624 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
    [2012/01/27 14:40:25 | 000,361,720 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturingFilter.dll
    [2012/01/27 14:40:25 | 000,231,672 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutVideoMixerFilter.dll
    [2012/01/27 14:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
    [2012/01/27 14:05:41 | 000,000,000 | ---D | C] -- D:\Documents\Streaming Video Recorder
    [2012/01/27 14:05:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/01/27 14:01:51 | 000,029,288 | -H-- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys
    [2012/01/27 14:01:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apowersoft
    [2012/01/27 10:42:10 | 000,000,000 | ---D | C] -- C:\Windows\Applian Director
    [2012/01/27 10:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Director
    [2012/01/27 10:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay Video Capture
    [2012/01/24 16:11:11 | 000,000,000 | ---D | C] -- D:\Documents\Moyea
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/11 18:32:22 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
    [2012/02/11 18:26:46 | 000,006,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/11 18:26:46 | 000,006,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/11 18:23:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/11 18:23:15 | 534,941,695 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/11 18:20:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2012/02/11 15:56:57 | 000,000,382 | ---- | M] () -- C:\Windows\HCWBlast.ini
    [2012/02/11 15:46:39 | 000,001,232 | ---- | M] () -- C:\Users\Owner\Desktop\nanoPEG Editor for WinTV.lnk
    [2012/02/11 15:46:39 | 000,001,192 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\nanoPEG Editor for WinTV.lnk
    [2012/02/11 15:46:35 | 000,031,047 | ---- | M] () -- C:\Windows\Irremote.ini
    [2012/02/11 15:46:35 | 000,001,037 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
    [2012/02/11 15:46:09 | 000,000,483 | ---- | M] () -- C:\Windows\ODBC.INI
    [2012/02/11 15:46:09 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
    [2012/02/11 15:45:17 | 000,006,213 | ---- | M] () -- C:\Windows\HCWPNP.INI
    [2012/02/05 03:00:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RegAce Scheduled Scan - Owner.job
    [2012/02/03 19:10:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/02/03 14:42:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/02/03 11:30:43 | 001,008,141 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.com
    [2012/02/03 10:31:19 | 002,040,543 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2012/02/03 10:29:46 | 001,008,141 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.scr
    [2012/02/03 10:29:21 | 000,000,335 | ---- | M] () -- C:\Users\Owner\Desktop\FixExe.reg
    [2012/02/03 10:25:15 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\h7ikfgyy.exe
    [2012/02/02 23:25:56 | 000,000,017 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/02/02 19:34:25 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
    [2012/02/02 17:38:26 | 000,001,167 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/02 17:19:19 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/02/02 16:27:19 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
    [2012/02/02 16:20:58 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
    [2012/02/02 14:38:40 | 001,519,975 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/02/02 13:59:44 | 000,017,920 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/02 12:28:36 | 003,834,832 | ---- | M] (PC Tools) -- C:\Users\Owner\Desktop\sdsetup.exe
    [2012/02/02 10:33:57 | 000,294,216 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.zip
    [2012/02/01 16:39:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/01 16:39:48 | 000,812,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/30 15:05:15 | 000,001,547 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/29 17:16:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/01/28 18:57:20 | 000,000,658 | ---- | M] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
    [2012/01/28 12:47:06 | 037,665,066 | ---- | M] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
    [2012/01/28 11:25:20 | 000,417,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/01/28 09:43:17 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/01/27 20:03:31 | 000,000,228 | ---- | M] () -- C:\Users\Owner\.swfinfo
    [2012/01/23 17:31:48 | 000,002,034 | -H-- | M] () -- D:\Documents\Default.rdp
    [2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    [2012/01/16 16:28:50 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll0208.old
    [2012/01/16 16:28:48 | 002,246,608 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0208.old
    [2012/01/16 16:28:28 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll0208.old
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/11 18:26:08 | 000,006,448 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/11 18:26:08 | 000,006,448 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/11 15:46:39 | 000,001,232 | ---- | C] () -- C:\Users\Owner\Desktop\nanoPEG Editor for WinTV.lnk
    [2012/02/11 15:46:39 | 000,001,192 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\nanoPEG Editor for WinTV.lnk
    [2012/02/11 15:46:35 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
    [2012/02/11 09:54:25 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2012/02/11 09:54:25 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2012/02/11 09:54:25 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2012/02/11 09:54:25 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2012/02/11 09:54:25 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2012/02/11 09:54:25 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2012/02/11 09:54:25 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2012/02/11 09:54:25 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
    [2012/02/11 09:54:25 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2012/02/11 09:54:25 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
    [2012/02/11 09:54:25 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
    [2012/02/11 09:54:25 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
    [2012/02/11 09:54:25 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
    [2012/02/11 09:54:25 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
    [2012/02/11 09:54:25 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2012/02/11 09:54:25 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2012/02/11 09:54:25 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2012/02/11 09:54:25 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2012/02/11 09:54:25 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2012/02/11 09:54:25 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2012/02/11 09:54:25 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2012/02/11 09:54:25 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2012/02/03 11:30:42 | 001,008,141 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.com
    [2012/02/03 10:31:12 | 002,040,543 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2012/02/03 10:29:43 | 001,008,141 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.scr
    [2012/02/03 10:29:19 | 000,000,335 | ---- | C] () -- C:\Users\Owner\Desktop\FixExe.reg
    [2012/02/03 10:25:07 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\h7ikfgyy.exe
    [2012/02/02 23:25:56 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/02/02 19:34:25 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
    [2012/02/02 18:39:37 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\RegAce Scheduled Scan - Owner.job
    [2012/02/02 17:38:26 | 000,001,167 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/02 17:37:44 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/02 16:27:19 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
    [2012/02/02 14:42:37 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0208.old
    [2012/02/02 14:38:21 | 001,519,975 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/02/02 12:11:26 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/02/02 10:33:54 | 000,294,216 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.zip
    [2012/02/01 16:39:43 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/01 13:34:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/01 13:34:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/01 13:34:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/01 13:34:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/01 13:34:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/30 15:05:15 | 000,001,547 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/29 17:16:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2012/01/28 18:57:19 | 000,000,658 | ---- | C] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
    [2012/01/28 12:46:47 | 037,665,066 | ---- | C] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
    [2012/01/28 09:43:17 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/01/27 20:03:31 | 000,000,228 | ---- | C] () -- C:\Users\Owner\.swfinfo
    [2012/01/27 14:40:28 | 000,376,432 | -H-- | C] () -- C:\Windows\SysWow64\x86.zip
    [2012/01/23 15:27:07 | 155,893,257 | ---- | C] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:50:24 | 158,110,986 | ---- | C] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    [2011/07/27 19:49:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
    [2011/07/27 18:36:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
    [2011/07/27 13:19:23 | 000,017,920 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/26 15:30:24 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
    [2011/07/26 15:30:23 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
    [2011/07/26 15:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
    [2011/07/26 10:01:44 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
    [2011/07/26 10:01:44 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
    [2011/07/24 12:14:54 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/07/24 12:09:26 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2011/07/23 09:17:28 | 000,812,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/21 19:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/07/20 15:44:12 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
    [2011/07/20 13:28:49 | 000,000,387 | ---- | C] () -- C:\Windows\HCWBlast_sav.ini
    [2011/07/20 13:28:49 | 000,000,382 | ---- | C] () -- C:\Windows\HCWBlast.ini
    [2011/07/20 13:28:35 | 000,031,047 | ---- | C] () -- C:\Windows\Irremote.ini
    [2011/07/20 12:30:01 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
    [2011/07/20 12:30:01 | 000,000,483 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/07/20 12:30:01 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/07/20 12:29:11 | 000,006,213 | ---- | C] () -- C:\Windows\HCWPNP.INI
    [2011/07/20 12:07:20 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2011/07/20 11:55:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2011/07/19 13:28:59 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\uuirtdrv.dll
    [2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
    [2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/07/27 20:55:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acronis
    [2012/01/29 17:10:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
    [2012/01/27 14:01:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apowersoft
    [2011/07/24 15:11:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDFab
    [2012/02/11 18:32:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
    [2011/07/23 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
    [2012/01/28 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hensense.com
    [2012/02/02 11:28:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
    [2012/01/28 12:36:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Moyea
    [2011/07/25 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
    [2011/07/25 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
    [2011/07/26 10:04:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\proDAD
    [2011/07/26 08:15:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Recordpad
    [2011/07/25 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\STOIK
    [2012/02/11 10:14:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy
    [2012/02/02 14:37:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
    [2011/07/21 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
    [2011/07/25 09:56:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite
    [2012/02/10 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    [2011/07/25 20:30:25 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Virtual CD v10
    [2012/01/28 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xi
    [2012/02/05 03:00:00 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\RegAce Scheduled Scan - Owner.job
    [2009/07/14 00:08:49 | 000,015,114 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3440EB47
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
  19. Rev1979

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/03/2012 at 11:31:52.
    Operating System: Windows 7 Professional


    Processes terminated by Rkill or while it was running:



    Rkill completed on 02/03/2012 at 11:31:55.


    exeHelper by Raktor
    Build 20100414
    Run at 20:10:48 on 02/11/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    ComboFix 12-02-11.03 - Owner 02/11/2012 20:12:22.4.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4216 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-12 01:28 . 2012-02-12 01:28 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-02-12 01:28 . 2012-02-12 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-11 23:34 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F809967-3F2E-4A6C-936E-D22ED6CFD600}\mpengine.dll
    2012-02-11 23:32 . 2012-02-11 23:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Epson
    2012-02-11 23:28 . 2012-02-12 01:35 5544 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-11 20:46 . 2012-02-11 20:46 -------- d-----w- c:\program files (x86)\nanoPEG for WinTV
    2012-02-11 15:05 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
    2012-02-11 14:54 . 2012-02-11 15:00 -------- d-----w- c:\program files (x86)\Epson Software
    2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
    2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
    2012-02-11 14:54 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
    2012-02-11 14:54 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
    2012-02-11 14:54 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
    2012-02-11 14:54 . 2008-11-12 07:00 118784 ----a-w- c:\windows\system32\E_ILMFRA.DLL
    2012-02-11 14:54 . 2008-11-12 07:00 81920 ----a-w- c:\windows\system32\E_IBCBFRA.DLL
    2012-02-11 14:54 . 2012-02-11 15:05 -------- d-----w- c:\programdata\EPSON
    2012-02-11 14:53 . 2012-02-11 14:55 -------- d-----w- c:\program files (x86)\epson
    2012-02-11 14:53 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
    2012-02-11 14:53 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2012-02-11 14:53 . 2008-11-17 05:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
    2012-02-11 00:47 . 2012-02-11 00:47 -------- d-----w- c:\windows\Downloaded Installations
    2012-02-11 00:46 . 2010-04-29 20:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2012-02-11 00:46 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-10 22:30 . 2012-02-01 21:40 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-10 22:30 . 2012-02-10 22:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
    2012-02-07 20:49 . 2012-02-07 20:49 -------- d-----w- C:\_OTL
    2012-02-02 22:19 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-02 22:11 . 2012-02-02 22:11 -------- d-----w- c:\program files\Enigma Software Group
    2012-02-02 22:09 . 2012-02-02 22:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-02-02 21:27 . 2012-02-02 21:27 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
    2012-02-02 21:20 . 2012-02-02 21:20 116016 ----a-w- c:\windows\system32\drivers\18676779.sys
    2012-02-02 20:00 . 2012-02-02 20:00 -------- d-----w- c:\users\Owner\AppData\Local\Threat Expert
    2012-02-02 19:42 . 2012-01-16 21:28 767952 ----a-w- c:\windows\BDTSupport.dll0208.old
    2012-02-02 19:42 . 2012-01-16 21:28 149456 ----a-w- c:\windows\SGDetectionTool.dll0208.old
    2012-02-02 19:42 . 2012-01-16 21:28 2246608 ----a-w- c:\windows\PCTBDCore.dll0208.old
    2012-02-02 19:38 . 2012-01-11 21:19 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-02-02 19:38 . 2012-02-03 00:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-02-02 19:38 . 2012-02-02 21:51 -------- d-----w- c:\program files (x86)\PC Tools
    2012-02-02 19:37 . 2012-02-03 00:27 -------- d-----w- c:\programdata\PC Tools
    2012-02-02 19:37 . 2012-02-02 19:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
    2012-02-02 19:36 . 2012-02-02 19:36 -------- d-----w- c:\program files (x86)\Binnerup Consult
    2012-02-02 19:30 . 2012-02-03 23:47 -------- d-----w- c:\programdata\CPA_VA
    2012-02-02 18:17 . 2012-02-02 18:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-02 16:58 . 2012-02-02 16:58 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-02 16:57 . 2012-02-09 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-02-02 16:57 . 2012-02-02 16:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-02-02 16:28 . 2012-02-02 16:28 -------- d-----w- c:\programdata\IObit
    2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-01 18:27 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5362664-BA60-4893-A505-D04FDE12C52E}\mpengine.dll
    2012-01-30 18:09 . 2012-02-10 23:46 -------- d-----w- c:\users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    2012-01-30 18:09 . 2012-01-30 18:11 -------- d-----w- c:\program files (x86)\VideoReDoTVSuite4
    2012-01-29 22:19 . 2012-01-29 22:19 -------- d-----w- c:\program files\MediaInfo
    2012-01-29 22:10 . 2012-01-29 22:10 -------- d-----w- c:\users\Owner\AppData\Roaming\AnvSoft
    2012-01-28 23:56 . 2012-01-28 23:56 -------- d-----w- C:\Hauppauge
    2012-01-28 23:41 . 2012-01-28 23:41 -------- d-----w- c:\program files (x86)\Renesas Electronics
    2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Xi
    2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\program files (x86)\Xi
    2012-01-28 18:26 . 2012-01-28 18:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Hensense.com
    2012-01-28 17:45 . 2012-01-28 23:55 -------- d-----w- c:\program files (x86)\GetFLV
    2012-01-28 17:36 . 2012-01-28 17:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Moyea
    2012-01-28 17:26 . 2012-01-28 17:27 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
    2012-01-28 17:25 . 2012-01-28 17:25 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-01-28 17:12 . 2012-02-11 17:19 -------- d-----w- c:\program files (x86)\Freemake
    2012-01-28 15:57 . 2012-01-28 15:57 -------- d-----w- c:\program files (x86)\FDRLab
    2012-01-28 15:42 . 2012-01-28 15:42 -------- d-----w- c:\users\Owner\.streamCapture
    2012-01-28 01:20 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-01-28 01:18 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-01-28 01:18 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-01-28 01:18 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-01-28 01:18 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-28 01:18 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-28 01:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-28 01:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-27 19:40 . 2011-08-23 01:23 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
    2012-01-27 19:40 . 2011-08-23 01:23 361720 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40 . 2011-07-08 06:57 566008 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
    2012-01-27 19:40 . 2012-01-27 19:40 -------- d-----w- c:\program files\Apowersoft
    2012-01-27 19:05 . 2012-01-27 19:05 -------- d-----w- c:\windows\system32\Macromed
    2012-01-27 19:01 . 2012-01-27 19:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Apowersoft
    2012-01-27 19:01 . 2010-12-24 16:43 29288 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
    2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\windows\Applian Director
    2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\program files (x86)\Applian Director
    2012-01-27 15:41 . 2012-01-27 18:54 -------- d-----w- c:\program files (x86)\Replay Video Capture
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 12:44 . 2011-07-20 17:33 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-27 22:40 . 2011-07-22 19:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-12_00.21.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-07-20 17:08 . 2012-02-12 01:32 44530 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-02-12 01:32 44060 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-07-20 17:01 . 2012-02-12 01:32 13828 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3986105127-79878375-3251353310-1000_UserData.bin
    - 2011-07-20 16:54 . 2012-02-12 00:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-07-20 16:54 . 2012-02-12 01:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-20 16:54 . 2012-02-12 00:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-07-20 16:54 . 2012-02-12 01:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-07-20 16:54 . 2012-02-12 01:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-07-20 16:54 . 2012-02-12 00:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-20 21:10 . 2012-02-12 01:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-20 21:10 . 2012-02-12 00:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-20 21:10 . 2012-02-12 00:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-20 21:10 . 2012-02-12 01:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-02-12 00:21 . 2012-02-12 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-12 01:30 . 2012-02-12 01:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-12 01:30 . 2012-02-12 01:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-02-12 00:21 . 2012-02-12 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-02-12 00:20 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-02-12 01:29 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-07-22 14:39 . 2012-02-12 01:29 5693692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
    - 2011-07-22 14:39 . 2012-02-12 00:20 5693692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
    - 2009-07-14 02:34 . 2012-02-11 23:44 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-02-12 01:07 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-07-24 5201528]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-24 557056]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
    "Firefly"="c:\program files (x86)\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 180224]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "My Movies Tray"="c:\program files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-08-01 351952]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MaxMem.lnk - c:\program files (x86)\AnalogX\MaxMem\maxmem.exe [2011-7-23 125424]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2012-2-11 106551]
    Beyond TV.lnk - c:\program files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe [2010-3-14 397312]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2011-7-24 519744]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-20 30528]
    R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
    S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-22 3246040]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-01-19 8704]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
    S3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird64.sys [x]
    S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x]
    S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB264.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-04-22 17:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>;
    IE: Download all by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - ESV Bible
    FF - prefs.js: browser.startup.homepage - hxxp://search.entru.com/?s=1109
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
    "ImagePath"="system32\DRIVERS\vdrv1000.sys"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\progra~2\COMMON~1\SNAPST~1\Common\x10nets.exe
    c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-11 20:59:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-12 01:59
    ComboFix2.txt 2012-02-12 00:24
    ComboFix3.txt 2012-02-01 18:46
    .
    Pre-Run: 40,338,268,160 bytes free
    Post-Run: 40,312,512,512 bytes free
    .
    - - End Of File - - C7E6C16DA69C87A02418C8E86DBC903C
  20. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    Still have the redirect problem
  21. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    Found it ... it was in the extension PDF Download (Nitro) ... uninstalled it and reinstalled it ... redirect gone

    Thanks
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Are you telling me that you resolved the problem and are finished?

    There is still malware on the system showing in both OTL and Combofix.
  23. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    No, just alerting you that the main symptom which caused me to address this is now gone.
  24. Rev1979

    Rev1979 Newcomer, in training Topic Starter Posts: 37

    Am I supposed to be doing something else?
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    We haven't gotten it all yet. Run the following please, while I check the Combofix log to see if there are other entries:

    OTL Custom Scan Fixes

    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3440EB47
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TempFC5A2B2
      [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
      [2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
      FF - prefs.js..browser.startup.homepage: "http://search.entru.com/?s=1109"
      FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
      O18:64bit: - Protocol\Handler\belarc - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      [2012/02/02 16:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
      [2012/02/02 16:21:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
      [2012/02/02 11:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
      [2012/02/02 16:27:19 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
      [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
      [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
      [2012/02/10 19:51:00 | 000,001,218 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\comcast.xml
      [2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
      [2012/02/02 14:42:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0208.old
      [2012/02/02 14:42:34 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0208.old
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =======================================
    Please uninstall the Conduit Engine and Hitman Pro.