TechSpot

Computer runs slow

Solved
By lemowill
Sep 15, 2012
  1. Here are the logs - gmer didn't produce anything.

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300m

    www.malwarebytes.org

    Database version: v2012.09.10.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Psycho Dunpeal :: EVANGELION [administrator]

    Protection: Enabled

    10/09/2012 01:06:55 AM
    mbam-log-2012-09-10 (01-06-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 253676
    Time elapsed: 49 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. lemowill

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Psycho Dunpeal at 0:43:49 on 2012-09-10
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.859 [GMT -4:00]
    .
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\CISVC.EXE
    C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PuranDefragS.exe
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\ProgramData\TVersity\Media Server\MediaServer.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\spool\drivers\x64\3\SJ1XRCV.exe
    C:\Program Files\Puran Defrag\PuranADT.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Users\Psycho Dunpeal\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    C:\Users\Psycho Dunpeal\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Psycho Dunpeal\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
    mStart Page = hxxp://www.yahoo.com/
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [cdloader] "C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Google Update] "C:\Users\Psycho Dunpeal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MusicManager] "C:\Users\Psycho Dunpeal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [<NO NAME>]
    mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Windows\system32\HMIPCore.dll
    TCP: DhcpNameServer = 200.1.104.35 200.1.104.36
    TCP: Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633} : NameServer = 208.122.23.22,208.122.23.23
    TCP: Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633} : DhcpNameServer = 200.1.104.35 200.1.104.36
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli DPPWDFLT
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO-X64: DigitalPersona Personal Extension - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    BHO-X64: Google Gears Helper - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    mRun-x64: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun-x64: [(Default)]
    mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {58ECB495-38F0-49cb-A538-10282ABF65E7}
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 127.94.0.1 client.openvpn.net
    Hosts: 127.94.0.2 openvpn-client.us.shieldexchange.com
     
  3. lemowill

    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 8000
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 8000
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8000
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 8000
    FF - prefs.js: network.proxy.type - 1
    FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
    FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Psycho Dunpeal\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Psycho Dunpeal\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
    FF - plugin: C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll
    FF - plugin: C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys --> C:\Windows\system32\DRIVERS\VBoxDrv.sys [?]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys --> C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [?]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2010/02/24 17:37:09];C:\Program Files (x86)\HP\QuickPlay\000.fcl [2010-2-24 146928]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-25 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-25 110032]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-6 21504]
    R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 182296]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-16 655944]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
    R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys --> C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1c9baeb3641e9a0;Google Update Service (gupdate1c9baeb3641e9a0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-11 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-7 250056]
    S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-11 133104]
    S3 hcw85bda;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
    S3 LVcKap64;Logitech AEC Driver;C:\Windows\system32\DRIVERS\LVcKap64.sys --> C:\Windows\system32\DRIVERS\LVcKap64.sys [?]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-8-9 24176]
    S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
    S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\system32\DRIVERS\s1018bus.sys --> C:\Windows\system32\DRIVERS\s1018bus.sys [?]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1018mdfl.sys --> C:\Windows\system32\DRIVERS\s1018mdfl.sys [?]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1018mdm.sys --> C:\Windows\system32\DRIVERS\s1018mdm.sys [?]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1018mgmt.sys --> C:\Windows\system32\DRIVERS\s1018mgmt.sys [?]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1018nd5.sys --> C:\Windows\system32\DRIVERS\s1018nd5.sys [?]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1018obex.sys --> C:\Windows\system32\DRIVERS\s1018obex.sys [?]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1018unic.sys --> C:\Windows\system32\DRIVERS\s1018unic.sys [?]
    S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-11 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-09-09 21:31:24 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{09B577FC-DD88-4225-B822-5B16F020C7B8}
    2012-09-09 07:08:34 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{9C80F33C-518E-47BD-8C8C-23A45D1A1E23}
    2012-09-08 19:08:09 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{0E9B8DCE-65D2-40AC-9683-D9A2BE90B8CF}
    2012-09-08 07:04:39 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{BBC9C72A-F2AC-4E88-AAA2-642012F67B0D}
    2012-09-08 07:03:01 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{235F73DD-BB12-4530-9DDB-B7E5E1ECF34E}
    2012-09-07 18:04:14 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{6387130C-F1AB-40D4-81B1-3543946D8408}
    2012-09-07 06:50:55 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C516B8A-9080-4833-9455-2DFB482F59A5}\offreg.dll
    2012-09-07 06:15:05 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C516B8A-9080-4833-9455-2DFB482F59A5}\mpengine.dll
    2012-09-07 06:01:06 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{2126E24A-8575-4812-97A1-4E230FB369A6}
    2012-09-07 03:35:43 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{0C93F1FF-12DD-4D74-B557-2C2AE1EAC120}
    2012-09-06 12:49:40 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{9FEC522A-5B86-4335-98FC-54E4E63F1A2F}
    2012-09-06 00:39:28 1216384 ----a-w- C:\Windows\isRS-000.tmp
    2012-09-05 21:11:45 -------- d-----w- C:\Users\Psycho Dunpeal\AppData\Local\{649D2DB1-7A09-407C-869B-57FE74FE4EBC}
    2012-08-15 08:21:59 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2012-08-15 07:52:17 2769408 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-14 19:59:04 788480 ----a-w- C:\Windows\System32\localspl.dll
    2012-08-14 19:59:01 623616 ----a-w- C:\Windows\SysWow64\localspl.dll
    .
    ==================== Find3M ====================
    .
    2012-09-04 03:41:26 132480 ----a-w- C:\Windows\System32\PuranDefragBT.exe
    2012-08-15 02:16:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 02:16:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-13 21:27:58 1366912 ----a-w- C:\Windows\System32\PuranFD.exe
    2012-08-13 21:27:44 292736 ----a-w- C:\Windows\System32\PuranDefragS.exe
    2012-08-13 21:27:06 287616 ----a-w- C:\Windows\System32\PuranDC.exe
    2012-08-13 21:13:32 256896 ----a-w- C:\Windows\System32\PuranDefrag.dll
    2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 0:47:26.07 ===============
     
  4. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 14/03/2008 02:16:31 AM
    System Uptime: 08/09/2012 09:41:14 AM (39 hours ago)
    .
    Motherboard: Quanta | | 30D0
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-62 | Socket S1 | 800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 219 GiB total, 89.092 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.253 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2272: 09/09/2012 03:04:26 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.3 Professional
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.1.4)
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AIO_Scan
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    µTorrent
    AuthenTec Fingerprint Sensor Minimum Install
    Avira Free Antivirus
    AviSynth 2.5
    BE Limited III
    Byki
    Byki Express for Lemuel Williams
    Call Graph
    Carbonite Online Backup Setup
    Cards_Calendar_OrderGift_DoMorePlugout
    CCScore
    CDisplay 1.8
    Cisco Connect
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CleanUp!
    Combined Community Codec Pack 2009-09-09
    Compatibility Pack for the 2007 Office system
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeskScapes
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DVD Suite
    DVD43 Plug-in v1.0.0.5
    EA Link
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    ESU for Microsoft Vista
    fflink
    Free M4a to MP3 Converter 7.0
    Free Video Flip and Rotate version 1.8.12.602
    GetDataBack for FAT
    Google App Engine
    Google Chrome
    Google Drive
    Google Earth Plug-in
    Google Gears
    Google Talk Plugin
    Google Update Helper
    Haali Media Splitter
    Handbrake 0.9.4
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    Hide My IP 5.3
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Quick Launch Buttons 6.30 E1
    HP QuickPlay 3.7
    HP Smart Web Printing
    HP Update
    HP User Guides 0087
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    iPhone Configuration Utility
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Junk Mail filter update
    KC Softwares SUMo
    KeyHoleTV
    kgcbaby
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    LabelPrint
    LightScribe Diagnostic Utility
    LightScribe System Software
    LogonStudio Vista
    Machete Lite 3.6
    Magic DVD Ripper V5.4.1
    Magical Jelly Bean KeyFinder
    magicJack
    Malwarebytes Anti-Malware version 1.62.0.1300
    Maxthon 3
    Media Go
    Media Go Video Playback Engine 1.84.111.07020
    Mesh Runtime
    Messenger Companion
    Messenger Plus! 5
    Microsoft Default Manager
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector 32-bit
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Reader
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    MiniTool Partition Wizard Home Edition 7.0
    Mozilla Firefox 4.0 (x86 en-US)
    Mozilla Firefox 4.0b7 (x86 en-US)
    MSCU for Microsoft Vista
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    muvee autoProducer 6.1
    muvee Reveal Seagate Edition
    My HP Games
    MyPhoneExplorer
    netbrdg
    NetWaiting
    Notepad++
    Octoshape add-in for Adobe Flash Player
    OfotoXMI
    ooVoo
    Orb Runtime libraries
    PC Suite for Sony Ericsson
    PDF Settings
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    Power2Go
    PowerDirector
    PowerISO
    PS_AIO_Software_min
    PS3ThemeCreator
    PSP Video 9 5.04
    PSSWCORE
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealUpgrade 1.1
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    RockMelt
    Safari
    Samsung PC Studio 3 USB Driver Installer
    Scan
    Seagate Manager Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Segoe UI
    SFR
    SHARP MX-M550/620/700 Series PC-Fax Driver
    SHARP PCL6 T1 Printer Driver
    SHARP PS T1 Printer Driver
    SHASTA
    skin0001
    SKINXSDK
    Skype™ 5.10
    SlingPlayer
    Sony Ericsson Themes Creator 4.16.2.6
    Sony Ericsson Update Engine
    Sony Ericsson Update Service
    Sony PC Companion 2.10.030
    Soundman 1.7.0
    SpeedFan (remove only)
    Spelling Dictionaries Support For Adobe Reader 9
    SPSS 16.0 for Windows
    staticcr
    The Core Media Player 4.0
    TomTom HOME 2.7.6.2056
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TurboTax Audit Support Center 3.0
    TVersity Codec Pack 1.4
    TVersity Media Server 1.9.3
    Uninstall CDisplay
    Universal Extractor 1.6.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Viewpoint Media Player
    Virtual DJ - Atomix Productions
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC
    VLC media player 1.1.11
    VNC Free Edition 4.1.3
    Vongo
    VPRINTOL
    Winamp
    WinDirStat 1.1.2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WIRELESS
    Xilisoft Download YouTube Video
    yacib Portable Mp3
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/09/2012 05:31:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
    09/09/2012 03:29:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
    09/09/2012 03:01:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
    09/09/2012 03:01:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
    08/09/2012 10:25:54 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    08/09/2012 10:18:32 PM, Error: Service Control Manager [7034] - The Biometric Authentication Service service terminated unexpectedly. It has done this 1 time(s).
    08/09/2012 03:04:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
    08/09/2012 03:04:09 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    08/09/2012 03:03:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
    08/09/2012 02:17:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    08/09/2012 02:17:43 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    08/09/2012 02:17:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    08/09/2012 02:16:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
    08/09/2012 02:16:13 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    08/09/2012 01:51:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    07/09/2012 09:46:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
    07/09/2012 09:45:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
    07/09/2012 01:29:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    06/09/2012 10:40:28 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
    06/09/2012 10:39:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    06/09/2012 10:37:27 PM, Error: Service Control Manager [7023] -
    06/09/2012 10:36:27 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 0.0.0.0:4482. The error status code is contained within the returned data.
    06/09/2012 09:01:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    06/09/2012 09:00:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    06/09/2012 06:11:30 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    05/09/2012 12:08:01 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BROWNSUGAR that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}. The master browser is stopping or an election is being forced.
    05/09/2012 12:01:01 AM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
    05/09/2012 05:56:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DARKNESS-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}. The master browser is stopping or an election is being forced.
    04/09/2012 11:15:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SONY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}. The master browser is stopping or an election is being forced.
    04/09/2012 05:50:09 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on K: cannot be read.
    04/09/2012 05:50:00 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on G: cannot be read.
    04/09/2012 01:20:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.10.101 for the Network Card with network address 001F3A4F1537 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    03/09/2012 02:03:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
    03/09/2012 01:52:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ========================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    01:43:05.0728 11316 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    01:43:06.0572 11316 ============================================================
    01:43:06.0573 11316 Current date / time: 2012/09/15 01:43:06.0572
    01:43:06.0573 11316 SystemInfo:
    01:43:06.0573 11316
    01:43:06.0573 11316 OS Version: 6.0.6002 ServicePack: 2.0
    01:43:06.0573 11316 Product type: Workstation
    01:43:06.0574 11316 ComputerName: EVANGELION
    01:43:06.0574 11316 UserName: Psycho Dunpeal
    01:43:06.0574 11316 Windows directory: C:\Windows
    01:43:06.0574 11316 System windows directory: C:\Windows
    01:43:06.0574 11316 Running under WOW64
    01:43:06.0574 11316 Processor architecture: Intel x64
    01:43:06.0574 11316 Number of processors: 2
    01:43:06.0574 11316 Page size: 0x1000
    01:43:06.0574 11316 Boot type: Normal boot
    01:43:06.0574 11316 ============================================================
    01:43:09.0086 11316 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    01:43:09.0166 11316 ============================================================
    01:43:09.0166 11316 \Device\Harddisk0\DR0:
    01:43:09.0167 11316 MBR partitions:
    01:43:09.0167 11316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1B6D92A5
    01:43:09.0167 11316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B6D92E4, BlocksNum 0x1AEB29D
    01:43:09.0167 11316 ============================================================
    01:43:09.0201 11316 C: <-> \Device\Harddisk0\DR0\Partition1
    01:43:09.0250 11316 D: <-> \Device\Harddisk0\DR0\Partition2
    01:43:09.0251 11316 ============================================================
    01:43:09.0254 11316 Initialize success
    01:43:09.0254 11316 ============================================================
    01:43:15.0955 15944 ============================================================
    01:43:15.0956 15944 Scan started
    01:43:15.0956 15944 Mode: Manual;
    01:43:15.0956 15944 ============================================================
    01:43:18.0399 15944 ================ Scan system memory ========================
    01:43:18.0399 15944 System memory - ok
    01:43:18.0403 15944 ================ Scan services =============================
    01:43:18.0849 15944 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
    01:43:18.0857 15944 ACPI - ok
    01:43:18.0979 15944 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    01:43:18.0982 15944 AdobeARMservice - ok
    01:43:19.0317 15944 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    01:43:19.0322 15944 AdobeFlashPlayerUpdateSvc - ok
    01:43:19.0557 15944 [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    01:43:19.0568 15944 adp94xx - ok
    01:43:19.0616 15944 [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    01:43:19.0623 15944 adpahci - ok
    01:43:19.0979 15944 [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    01:43:19.0983 15944 adpu160m - ok
    01:43:20.0022 15944 [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    01:43:20.0026 15944 adpu320 - ok
    01:43:20.0143 15944 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    01:43:20.0145 15944 AeLookupSvc - ok
    01:43:20.0213 15944 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
    01:43:20.0223 15944 AFD - ok
    01:43:20.0262 15944 [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440 C:\Windows\system32\drivers\agp440.sys
    01:43:20.0264 15944 agp440 - ok
    01:43:20.0300 15944 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    01:43:20.0303 15944 aic78xx - ok
     
  7. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    01:44:29.0197 15944 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
    01:44:29.0199 15944 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
    01:44:29.0205 15944 sptd ( LockedFile.Multi.Generic ) - warning
    01:44:29.0206 15944 sptd - detected LockedFile.Multi.Generic (1)
    01:44:43.0793 15944 [ D5BDF3689B845629FE1DF8B19411C365 ] zebrmdfl C:\Windows\system32\DRIVERS\zebrmdfl.sys
    01:44:43.0806 15944 zebrmdfl - ok
    01:44:43.0871 15944 [ 5EDFD1C634E9371F2F5E4FDFD438EBF1 ] zebrmdm C:\Windows\system32\DRIVERS\zebrmdm.sys
    01:44:43.0875 15944 zebrmdm - ok
    01:44:43.0942 15944 [ F0834018F32833C32A201B8A234784ED ] zebrmdmc C:\Windows\system32\DRIVERS\zebrmdmc.sys
    01:44:43.0946 15944 zebrmdmc - ok
    01:44:44.0043 15944 [ 86A1DA0D04DC177C0D2B3B81777B8BEE ] zebrsce C:\Windows\system32\DRIVERS\zebrsce.sys
    01:44:44.0047 15944 zebrsce - ok
    01:44:44.0243 15944 [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {22D78859-9CE9-4B77-BF18-AC83E81A9263} C:\Program Files (x86)\HP\QuickPlay\000.fcl
    01:44:44.0255 15944 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok
    01:44:44.0365 15944 ================ Scan global ===============================
    01:44:44.0415 15944 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
    01:44:44.0527 15944 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    01:44:44.0630 15944 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    01:44:44.0710 15944 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
    01:44:44.0815 15944 [Global] - ok
    01:44:44.0819 15944 ================ Scan MBR ==================================
    01:44:44.0840 15944 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
    01:44:45.0336 15944 \Device\Harddisk0\DR0 - ok
    01:44:45.0337 15944 ================ Scan VBR ==================================
    01:44:45.0362 15944 [ 043E58A51042DCE16527B7814984F406 ] \Device\Harddisk0\DR0\Partition1
    01:44:45.0383 15944 \Device\Harddisk0\DR0\Partition1 - ok
    01:44:45.0430 15944 [ 3937753FA39FFF0D5B0F0A71652E119A ] \Device\Harddisk0\DR0\Partition2
    01:44:45.0434 15944 \Device\Harddisk0\DR0\Partition2 - ok
    01:44:45.0436 15944 ============================================================
    01:44:45.0436 15944 Scan finished
    01:44:45.0436 15944 ============================================================
    01:44:45.0494 18312 Detected object count: 1
    01:44:45.0494 18312 Actual detected object count: 1
    01:44:49.0018 18312 sptd ( LockedFile.Multi.Generic ) - skipped by user
    01:44:49.0019 18312 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  8. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    RogueKiller V8.0.3 [09/13/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Psycho Dunpeal [Admin rights]
    Mode : Scan -- Date : 09/15/2012 01:52:14
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 12 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Psycho Dunpeal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3361550716-439296834-1023547113-1000[...]\Run : cdloader ("C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3361550716-439296834-1023547113-1000[...]\Run : MusicManager ("C:\Users\Psycho Dunpeal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263} (\??\C:\Program Files (x86)\HP\QuickPlay\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263} (\??\C:\Program Files (x86)\HP\QuickPlay\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263} (\??\C:\Program Files (x86)\HP\QuickPlay\000.fcl) -> FOUND
    [PROXY FF] o4669fhz.default\ 127.0.0.1:8000 -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633} : NameServer (208.122.23.22,208.122.23.23) -> FOUND
    [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633} : NameServer (208.122.23.22,208.122.23.23) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    127.94.0.1 client.openvpn.net
    127.94.0.2 openvpn-client.us.shieldexchange.com
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS542525K9SA00 ATA Device +++++
    --- User ---
    [MBR] b112e1b31dd2d94be6bfb9cf1807db3d
    [BSP] 3364e4efa033fde283d0547f23be26e9 : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 224690 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 460165860 | Size: 13782 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  9. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-15 01:53:17
    -----------------------------
    01:53:17.689 OS Version: Windows x64 6.0.6002 Service Pack 2
    01:53:17.690 Number of processors: 2 586 0x6802
    01:53:17.696 ComputerName: EVANGELION UserName:
    01:53:28.656 Initialize success
    01:55:51.646 AVAST engine defs: 12091400
    01:56:24.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    01:56:24.943 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC32P Size: 238475MB BusType: 3
    01:56:24.989 Disk 0 MBR read successfully
    01:56:24.998 Disk 0 MBR scan
    01:56:25.182 Disk 0 unknown MBR code
    01:56:25.199 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 224690 MB offset 63
    01:56:25.262 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13782 MB offset 460165860
    01:56:25.615 Disk 0 scanning C:\Windows\system32\drivers
    01:57:37.556 Service scanning
    01:59:23.776 Modules scanning
    01:59:23.798 Disk 0 trace - called modules:
    01:59:23.844 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8002a8b2c0]<<sphu.sys ataport.SYS pciide.sys
    01:59:23.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002f84790]
    01:59:24.275 3 CLASSPNP.SYS[fffffa6000ec5c33] -> nt!IofCallDriver -> [0xfffffa8002c62800]
    01:59:24.290 5 acpi.sys[fffffa600096dfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8002c7b940]
    01:59:24.307 \Driver\atapi[0xfffffa8002c5eae0] -> IRP_MJ_CREATE -> 0xfffffa8002a8b2c0
    01:59:30.501 AVAST engine scan C:\Windows
    02:00:14.588 AVAST engine scan C:\Windows\system32
    02:25:27.350 AVAST engine scan C:\Windows\system32\drivers
    02:27:56.001 AVAST engine scan C:\Users\Psycho Dunpeal
    04:11:03.959 AVAST engine scan C:\ProgramData
    04:58:37.718 Scan finished successfully
    08:14:45.895 Disk 0 MBR has been saved successfully to "C:\Users\Psycho Dunpeal\Desktop\MBR.dat"
    08:14:46.401 The log file has been saved successfully to "C:\Users\Psycho Dunpeal\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    I don't see much there.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
     
  11. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    ComboFix 12-09-15.02 - Psycho Dunpeal 16/09/2012 15:18:38.1.2 - x64
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.732 [GMT -4:00]
    Running from: c:\users\Psycho Dunpeal\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Games.exe
    c:\users\Psycho Dunpeal\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
    c:\windows\is-JOPFF.exe
    c:\windows\isRS-000.tmp
    c:\windows\SysWow64\KBL.LOG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-07 05:28 . 2012-09-07 05:33 -------- d-----w- c:\users\LemTest
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-12 06:26 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
    2012-09-07 21:04 . 2010-08-09 20:26 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-04 03:41 . 2011-01-02 06:12 132480 ----a-w- c:\windows\system32\PuranDefragBT.exe
    2012-08-23 08:26 . 2012-09-14 08:04 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{833A21EC-C182-44CB-9E13-500661D52447}\mpengine.dll
    2012-08-15 02:16 . 2012-05-07 08:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 02:16 . 2011-05-14 13:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-13 21:27 . 2011-01-02 06:12 1366912 ----a-w- c:\windows\system32\PuranFD.exe
    2012-08-13 21:27 . 2011-01-02 06:12 292736 ----a-w- c:\windows\system32\PuranDefragS.exe
    2012-08-13 21:27 . 2011-01-02 06:12 287616 ----a-w- c:\windows\system32\PuranDC.exe
    2012-08-13 21:13 . 2011-01-02 06:12 256896 ----a-w- c:\windows\system32\PuranDefrag.dll
    2012-07-04 14:33 . 2012-08-15 07:52 2769408 ----a-w- c:\windows\system32\win32k.sys
    2012-06-29 16:20 . 2012-08-14 19:54 648192 ----a-w- c:\windows\system32\netapi32.dll
    2012-06-28 04:10 . 2012-08-15 08:21 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-28 03:39 . 2012-08-15 08:20 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-28 03:28 . 2012-08-15 08:21 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-28 03:22 . 2012-08-15 08:22 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-28 03:21 . 2012-08-15 08:21 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-28 03:20 . 2012-08-15 08:21 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-28 03:19 . 2012-08-15 08:22 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-28 03:17 . 2012-08-15 08:21 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-28 03:16 . 2012-08-15 08:21 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-28 03:16 . 2012-08-15 08:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-28 03:14 . 2012-08-15 08:22 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-28 03:13 . 2012-08-15 08:22 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-28 03:12 . 2012-08-15 08:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-28 03:08 . 2012-08-15 08:21 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-28 00:27 . 2012-08-15 08:21 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-28 00:19 . 2012-08-15 08:21 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-28 00:18 . 2012-08-15 08:21 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-28 00:12 . 2012-08-15 08:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-28 00:07 . 2012-08-15 08:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\users\Psycho Dunpeal\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
    "MusicManager"="c:\users\Psycho Dunpeal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-31 7321600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 994344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck PuranDefragBT -AD
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-09-16 18:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 02:16]
    .
    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 21:18]
    .
    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-11 21:18]
    .
    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000Core.job
    - c:\users\Psycho Dunpeal\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-22 23:09]
    .
    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000UA.job
    - c:\users\Psycho Dunpeal\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-22 23:09]
    .
    2012-09-10 c:\windows\Tasks\HPCeeScheduleForPsycho Dunpeal.job
    - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2007-10-28 18:58]
    .
    2012-09-16 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000Core.job
    - c:\users\Psycho Dunpeal\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-26 23:12]
    .
    2012-09-16 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000UA.job
    - c:\users\Psycho Dunpeal\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-02-26 23:12]
    .
    2012-09-15 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002Core.job
    - c:\users\LemTest\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-09-07 05:55]
    .
    2012-09-16 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002UA.job
    - c:\users\LemTest\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-09-07 05:55]
    .
    2012-09-16 c:\windows\Tasks\User_Feed_Synchronization-{40F61EB5-DC92-44E6-9DEF-98D70F237627}.job
    - c:\windows\system32\msfeedssync.exe [2011-07-09 14:27]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 120320]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
    "SJ1XRCV"="c:\windows\system32\spool\drivers\x64\3\SJ1XRCV.exe" [2006-10-19 102400]
    "PuranADT"="c:\program files\Puran Defrag\PuranADT.exe" [2012-08-13 443776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
    IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download with Xilisoft Download YouTube Video - c:\program files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\HMIPCore.dll
    TCP: DhcpNameServer = 200.1.104.35 200.1.104.36
    TCP: Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}: NameServer = 208.122.23.22,208.122.23.23
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 8000
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 8000
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8000
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 8000
    FF - prefs.js: network.proxy.type - 1
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PSP Video 9 - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
    AddRemove-Byki Express for Lemuel Williams - c:\users\Psycho Dunpeal\AppData\Local\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe
    AddRemove-{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4} - c:\users\Psycho Dunpeal\AppData\Local\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec /V"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
    "ImagePath"="\??\c:\program files (x86)\HP\QuickPlay\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ðÊb]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ðÊb\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
    c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
    c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    c:\programdata\TVersity\Media Server\MediaServer.exe
    c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-16 17:24:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-16 21:24
    .
    Pre-Run: 88,314,744,832 bytes free
    Post-Run: 87,717,801,984 bytes free
    .
    - - End Of File - - CD25E3C6E9021D7B6CE69D070D39C392
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Looks good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    OTL logfile created on: 16/09/2012 07:04:18 PM - Run 1
    OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Psycho Dunpeal\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00002C09 | Country: Trinidad and Tobago | Language: ENT | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.57% Memory free
    4.23 Gb Paging File | 2.30 Gb Available in Paging File | 54.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 219.42 Gb Total Space | 81.78 Gb Free Space | 37.27% Space Free | Partition Type: NTFS
    Drive D: | 13.46 Gb Total Space | 2.26 Gb Free Space | 16.77% Space Free | Partition Type: NTFS

    Computer Name: EVANGELION | User Name: Psycho Dunpeal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/09/16 18:20:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Psycho Dunpeal\Desktop\OTL.exe
    PRC - [2012/09/13 09:08:30 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/08/08 08:13:12 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/09 02:11:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2012/05/09 02:11:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
    PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2009/12/18 12:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    PRC - [2009/12/01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
    PRC - [2007/12/04 14:50:22 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2007/10/19 14:18:48 | 000,113,176 | ---- | M] (Logitech Inc.) -- c:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/13 17:27:44 | 000,292,736 | ---- | M] (Puran Software) [Auto | Running] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/04/11 03:10:58 | 000,081,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
    SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/01/19 04:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/10/19 14:20:42 | 000,171,032 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV:64bit: - [2007/10/19 14:18:36 | 000,182,296 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2007/10/19 14:17:04 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
    SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2006/11/02 11:03:54 | 000,011,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/08/14 22:16:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/09 02:11:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012/05/09 02:11:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/18 12:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV - [2009/09/09 22:58:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
    SRV - [2007/08/31 14:15:06 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Vongo\VongoService.exe -- (Vongo Service)
    SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/05/09 02:11:35 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2012/05/09 02:11:35 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/19 17:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/09/02 23:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
    DRV:64bit: - [2011/09/02 23:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
    DRV:64bit: - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tapoas.sys -- (tapoas)
    DRV:64bit: - [2011/01/17 23:57:50 | 000,040,128 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
    DRV:64bit: - [2010/10/16 11:42:38 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/10/14 21:40:24 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/07/20 11:41:18 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
    DRV:64bit: - [2010/07/20 11:40:23 | 000,145,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdmc.sys -- (zebrmdmc)
    DRV:64bit: - [2010/07/20 11:40:23 | 000,145,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdm.sys -- (zebrmdm)
    DRV:64bit: - [2010/07/20 11:40:23 | 000,120,832 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrsce.sys -- (zebrsce)
    DRV:64bit: - [2010/07/20 11:40:23 | 000,108,544 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrbus.sys -- (zebrbus)
    DRV:64bit: - [2010/07/20 11:40:23 | 000,081,280 | ---- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\zebrceb.sys -- (zebrceb)
    DRV:64bit: - [2010/07/20 11:40:23 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdfl.sys -- (zebrmdfl)
    DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/12/25 14:24:01 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc)
    DRV:64bit: - [2009/12/25 14:24:01 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt)
    DRV:64bit: - [2009/11/10 15:35:36 | 000,139,408 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/11 01:42:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST)
    DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/03/25 11:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys -- (s1018mdm)
    DRV:64bit: - [2009/03/25 11:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018unic.sys -- (s1018unic)
    DRV:64bit: - [2009/03/25 11:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys -- (s1018mgmt)
    DRV:64bit: - [2009/03/25 11:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018obex.sys -- (s1018obex)
    DRV:64bit: - [2009/03/25 11:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018bus.sys -- (s1018bus)
    DRV:64bit: - [2009/03/25 11:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys -- (s1018nd5)
    DRV:64bit: - [2009/03/25 11:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys -- (s1018mdfl)
    DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/05/16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys -- (s0016mdm)
    DRV:64bit: - [2008/05/16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
    DRV:64bit: - [2008/05/16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016bus.sys -- (s0016bus)
    DRV:64bit: - [2008/04/27 12:09:18 | 001,133,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
    DRV:64bit: - [2008/03/14 01:56:46 | 000,073,136 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2008/03/04 03:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2008/01/19 03:11:31 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2008/01/19 02:38:16 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2007/12/12 13:12:32 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2007/12/12 13:12:32 | 000,089,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2007/12/12 13:12:32 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2007/11/01 10:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2007/11/01 10:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2007/11/01 10:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2007/10/19 14:16:08 | 001,599,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
    DRV:64bit: - [2007/10/18 07:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2007/10/11 19:58:28 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2007/10/11 19:58:16 | 002,055,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
    DRV:64bit: - [2007/09/09 18:13:26 | 000,207,872 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDART64.sys -- (HdAudAddService)
    DRV:64bit: - [2007/08/28 18:46:46 | 000,217,088 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV)
    DRV:64bit: - [2007/07/11 13:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
    DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2007/06/15 11:50:40 | 001,138,176 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (hcw85bda)
    DRV:64bit: - [2007/05/09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
    DRV:64bit: - [2007/05/09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
    DRV:64bit: - [2007/05/02 12:12:30 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssm_mdm.sys -- (ssm_mdm)
    DRV:64bit: - [2007/05/02 12:12:30 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssm_bus.sys -- (ssm_bus)
    DRV:64bit: - [2007/05/02 12:12:30 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssm_mdfl.sys -- (ssm_mdfl)
    DRV:64bit: - [2007/03/26 22:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/03/19 15:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2007/02/27 19:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2007/02/18 01:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vmm.sys -- (vmm)
    DRV:64bit: - [2007/01/29 07:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
    DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
    DRV:64bit: - [2006/09/18 17:38:12 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2006/06/18 19:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2009/01/12 17:50:04 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/24 17:37:09] [Kernel | Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
    DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\WimFltr.sys -- (WimFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_tt&c=81&bd=Pavilion&pf=laptop
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr10/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-tt
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 AC 29 7C C8 46 CA 01 [binary data]
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\SearchScopes\{59B2DB53-AF80-40DD-80C5-FAE7B7079109}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000006
    FF - prefs.js..extensions.enabledAddons: TFToolbarX@torrent-finder:1.2.6
    FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledAddons: {75623d5d-4683-402a-b610-ac4bab767c86}:3.3.0
    FF - prefs.js..extensions.enabledAddons: GameTap@gametap.com:4.0.80.1588
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
    FF - prefs.js..extensions.enabledAddons: MafiaaFire@mafiaafire.com:0.9d
    FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
    FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
    FF - prefs.js..extensions.enabledItems: GameTap@gametap.com:4.0.80.1588
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.6
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
    FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.backup.ftp_port: 8000
    FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.backup.socks_port: 8000
    FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.backup.ssl_port: 8000
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 8000
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 8000
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 8000
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8000
    FF - prefs.js..network.proxy.type: 1


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Psycho Dunpeal\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Psycho Dunpeal\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Psycho Dunpeal\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/21 17:56:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/06 01:04:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/06/29 23:47:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/07/22 12:53:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/02 19:34:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/25 14:25:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/30 09:59:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2011/12/25 14:25:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/21 17:56:40 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/07/22 12:53:06 | 000,000,000 | ---D | M]

    [2010/07/02 15:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Extensions
    [2010/01/30 09:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Extensions\contact@callgraph.in
    [2010/07/02 15:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2009/03/14 15:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/03/08 10:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions
    [2009/07/21 15:22:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/09/25 22:32:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/04/10 13:45:54 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
    [2011/03/31 22:20:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/05/13 19:40:16 | 000,000,000 | ---D | M] (GameTap) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\GameTap@gametap.com
    [2009/05/24 04:01:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\moveplayer@movenetworks.com
    [2010/12/15 15:02:55 | 000,000,000 | ---D | M] (Torrent Finder Toolbar) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\TFToolbarX@torrent-finder
    [2012/03/08 10:56:58 | 000,123,007 | ---- | M] () (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\MafiaaFire@mafiaafire.com.xpi
    [2012/01/13 06:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/07/12 23:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/11/24 14:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/04/02 19:34:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RockMelt Update (Enabled) = C:\Users\Psycho Dunpeal\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Turn Off the Lights = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Photo Zoom for Facebook = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Beautify FB = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldngjhkgckijklngngononnejmadojce\2.1.3_0\
    CHR - Extension: FastestChrome - Browse Faster = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.7_0\
    CHR - Extension: All Mangas Reader = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjloagockgobfpopemejpgjjechcpfd\1.4.0_0\
    CHR - Extension: Ambient Aurea = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkaglmndhfgdaiaccjglghcbnfinfffa\1.0.0.11_0\
     
  14. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    O1 HOSTS File: ([2012/09/16 16:27:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [PuranADT] C:\Program Files\Puran Defrag\PuranADT.exe (Puran Software)
    O4:64bit: - HKLM..\Run: [SJ1XRCV] C:\Windows\SysNative\spool\drivers\x64\3\SJ1XRCV.exe (SHARP CORPORATION)
    O4:64bit: - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
    O4 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000..\Run: [cdloader] C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000..\Run: [MusicManager] C:\Users\Psycho Dunpeal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM ()
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.1.104.35 200.1.104.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}: DhcpNameServer = 200.1.104.35 200.1.104.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}: NameServer = 208.122.23.22,208.122.23.23
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
    O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
    O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
    O24 - Desktop WallPaper: C:\Users\Psycho Dunpeal\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Psycho Dunpeal\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (autocheck PuranDefragBT -AD)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/16 18:20:49 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Psycho Dunpeal\Desktop\OTL.exe
    [2012/09/16 17:24:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/16 17:00:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/16 15:11:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/16 15:11:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/16 15:11:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/16 15:07:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/16 15:01:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/16 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{FEA4B016-E92F-47B6-A9C1-7FF3224B024B}
    [2012/09/16 14:08:49 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{2CF0DDAD-A8AE-49D5-BB2D-096E70FBDD58}
    [2012/09/16 02:06:39 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{89116ACF-4E82-4EA4-B13B-6ACB9B6951DF}
    [2012/09/15 16:38:14 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Psycho Dunpeal\Desktop\ComboFix.exe
    [2012/09/15 10:48:47 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{DCFAE1D2-9B96-430D-8C25-38B5C3718FC2}
    [2012/09/15 10:44:51 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{46C5FFC2-FAC7-4179-8375-F2162CDCD2A1}
    [2012/09/15 01:48:57 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\Desktop\RK_Quarantine
    [2012/09/15 01:39:06 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Psycho Dunpeal\Desktop\TDSSKiller.exe
    [2012/09/15 01:36:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Psycho Dunpeal\Desktop\aswMBR.exe
    [2012/09/14 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{51F58B38-A89C-49A2-8BCB-30D1047EB3F6}
    [2012/09/14 10:44:04 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{91BE8756-721E-44AB-AE55-8719076E1831}
    [2012/09/13 22:56:15 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{8596B192-9E9A-4D43-9D54-5FC8F2867289}
    [2012/09/13 22:51:53 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{C314C29E-E15E-427E-83BD-44EF965A86B3}
    [2012/09/13 22:45:37 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{30C7EBF8-3CC7-4A0F-82E8-79BF757588D4}
    [2012/09/13 08:26:04 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\Desktop\Programs\Music Manager
    [2012/09/13 01:24:39 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{E27FC9CE-82E6-4697-AB07-5AFF2C1E3BA7}
    [2012/09/13 01:21:44 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{AA8A5CCC-DBC2-4D6B-B191-86DC405F529D}
    [2012/09/12 10:32:50 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{ECD66C08-6EE7-4231-8227-7661DEDBD8DE}
    [2012/09/12 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{17E21624-8E0D-42CB-9C48-4170FB1C644B}
    [2012/09/11 22:30:42 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{5606BFBC-209A-49B2-8087-7B3759792155}
    [2012/09/11 20:24:15 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{1159D483-3982-46C6-A53B-94B640FC0739}
    [2012/09/11 00:32:22 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{713B8A0D-E84E-4790-8E5A-A4ED5DB5E8A2}
    [2012/09/10 12:31:26 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{8C7DBDE9-8EE6-4A4D-B08F-6FE257A58D21}
    [2012/09/10 00:43:49 | 000,000,000 | R--D | C] -- C:\Users\Psycho Dunpeal\Desktop\Programs\Startup
    [2012/09/10 00:43:49 | 000,000,000 | R--D | C] -- C:\Users\Psycho Dunpeal\Desktop\Programs\Administrative Tools
    [2012/09/09 17:31:24 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{09B577FC-DD88-4225-B822-5B16F020C7B8}
    [2012/09/09 03:08:34 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{9C80F33C-518E-47BD-8C8C-23A45D1A1E23}
    [2012/09/08 15:08:09 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{0E9B8DCE-65D2-40AC-9683-D9A2BE90B8CF}
    [2012/09/08 03:04:39 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{BBC9C72A-F2AC-4E88-AAA2-642012F67B0D}
    [2012/09/08 03:03:01 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{235F73DD-BB12-4530-9DDB-B7E5E1ECF34E}
    [2012/09/07 14:04:14 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{6387130C-F1AB-40D4-81B1-3543946D8408}
    [2012/09/07 02:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/09/07 02:01:06 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{2126E24A-8575-4812-97A1-4E230FB369A6}
    [2012/09/06 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{0C93F1FF-12DD-4D74-B557-2C2AE1EAC120}
    [2012/09/06 08:49:40 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{9FEC522A-5B86-4335-98FC-54E4E63F1A2F}
    [2012/09/06 08:43:46 | 000,000,000 | R--D | C] -- C:\Users\Psycho Dunpeal\Desktop\Programs
    [2012/09/05 17:11:45 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{649D2DB1-7A09-407C-869B-57FE74FE4EBC}
    [2012/09/01 13:14:44 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\Desktop\5-Day Inferno Plan
    [2012/09/01 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\Desktop\TurboFire Class Schedule
    [2008/12/17 20:29:43 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
    [2008/12/17 20:29:39 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
    [2008/12/17 20:29:35 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
    [2008/12/17 20:29:33 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/09/16 18:57:14 | 000,003,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/16 18:57:14 | 000,003,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/16 18:50:00 | 000,000,452 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40F61EB5-DC92-44E6-9DEF-98D70F237627}.job
    [2012/09/16 18:25:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000UA.job
    [2012/09/16 18:20:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Psycho Dunpeal\Desktop\OTL.exe
    [2012/09/16 18:17:01 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000UA.job
    [2012/09/16 18:17:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000Core.job
    [2012/09/16 18:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/16 18:14:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/16 18:00:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002UA.job
    [2012/09/16 17:05:56 | 000,354,882 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
    [2012/09/16 17:05:56 | 000,343,936 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
    [2012/09/16 17:05:56 | 000,112,512 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
    [2012/09/16 17:05:56 | 000,112,506 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
    [2012/09/16 17:05:55 | 000,690,474 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2012/09/16 17:05:55 | 000,399,038 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
    [2012/09/16 17:05:55 | 000,112,674 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
    [2012/09/16 17:05:54 | 000,688,226 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2012/09/16 17:05:54 | 000,141,536 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2012/09/16 17:05:54 | 000,135,076 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2012/09/16 17:05:51 | 000,617,458 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/16 17:05:50 | 000,112,674 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/16 17:05:49 | 003,680,902 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/16 17:02:15 | 000,470,017 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/09/16 17:02:14 | 000,470,017 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/09/16 16:59:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/16 16:58:38 | 000,000,680 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
    [2012/09/16 16:56:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/16 16:54:41 | 2146,418,688 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/16 16:31:04 | 000,007,460 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/09/16 16:27:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/16 14:31:25 | 000,081,611 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\2FD7426E-3C22-4B67-A7D0-9B5D616B12FE.jpg
    [2012/09/16 14:29:17 | 000,085,000 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\1C8D2D85-5DBE-434F-A96F-8782A7D08738.jpg
    [2012/09/16 14:28:57 | 000,093,273 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\A043E7E5-62CC-4FA1-8CE4-8DDAE0608750.jpg
    [2012/09/16 12:25:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000Core.job
    [2012/09/15 16:38:51 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Psycho Dunpeal\Desktop\ComboFix.exe
    [2012/09/15 08:14:46 | 000,000,512 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\MBR.dat
    [2012/09/15 02:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002Core.job
    [2012/09/15 01:36:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Psycho Dunpeal\Desktop\aswMBR.exe
    [2012/09/15 01:36:13 | 001,378,816 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\RogueKiller.exe
    [2012/09/14 12:30:04 | 000,085,221 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\5A8FB89A-8A6D-41F3-B820-CE3D4E8516AC.jpg
    [2012/09/10 22:15:47 | 001,614,657 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\5C9B483B-462B-478F-8B3C-09C0C50C6869.jpg
    [2012/09/10 18:47:45 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPsycho Dunpeal.job
    [2012/09/10 13:59:41 | 000,002,009 | ---- | M] () -- C:\Users\Psycho Dunpeal\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/09/07 18:51:22 | 000,129,024 | ---- | M] () -- C:\Users\Psycho Dunpeal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/03 23:41:26 | 000,132,480 | ---- | M] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
    [2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Psycho Dunpeal\Desktop\TDSSKiller.exe

    ========== Files Created - No Company Name ==========

    [2012/09/16 15:11:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/16 15:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/16 15:11:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/16 15:11:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/16 15:11:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/16 14:30:22 | 000,081,611 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\2FD7426E-3C22-4B67-A7D0-9B5D616B12FE.jpg
    [2012/09/16 11:10:01 | 000,093,273 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\A043E7E5-62CC-4FA1-8CE4-8DDAE0608750.jpg
    [2012/09/15 08:14:45 | 000,000,512 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\MBR.dat
    [2012/09/15 01:36:13 | 001,378,816 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\RogueKiller.exe
    [2012/09/14 12:30:01 | 000,085,221 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\5A8FB89A-8A6D-41F3-B820-CE3D4E8516AC.jpg
    [2012/09/14 08:47:15 | 000,085,000 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\1C8D2D85-5DBE-434F-A96F-8782A7D08738.jpg
    [2012/09/10 22:14:42 | 001,614,657 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\5C9B483B-462B-478F-8B3C-09C0C50C6869.jpg
    [2012/09/10 13:59:41 | 000,002,009 | ---- | C] () -- C:\Users\Psycho Dunpeal\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/09/07 12:56:00 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPsycho Dunpeal.job
    [2012/09/07 01:55:18 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002UA.job
    [2012/09/07 01:55:14 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002Core.job
    [2012/04/05 21:00:40 | 000,000,334 | ---- | C] () -- C:\Users\Psycho Dunpeal\openvpn-connect.json
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/06/15 11:24:28 | 003,723,220 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/31 21:37:25 | 000,000,763 | ---- | C] () -- C:\Users\Psycho Dunpeal\.appcfg_cookies
    [2011/02/21 23:20:54 | 000,121,379 | ---- | C] () -- C:\Windows\hpoins15.dat
    [2011/02/21 23:20:54 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
    [2010/12/20 16:43:32 | 000,172,128 | ---- | C] () -- C:\Windows\_isusr32.dll
    [2010/12/20 16:43:32 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
    [2010/06/23 19:58:41 | 000,000,036 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\housecall.guid.cache
    [2010/05/05 00:28:11 | 000,000,022 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\kodakpcd.ini
    [2009/10/06 23:48:49 | 000,000,760 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\setup_ldm.iss
    [2009/06/26 23:11:19 | 000,008,772 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\d3d9caps64.dat
    [2009/02/10 20:32:35 | 000,470,017 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/02/10 20:32:35 | 000,470,017 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/01/25 18:03:49 | 000,029,216 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\UserTile.png
    [2008/12/06 16:11:26 | 000,000,541 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2008/12/06 16:02:38 | 000,007,916 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\d3d9caps.dat
    [2008/12/05 01:23:47 | 000,001,268 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\wklnhst.dat
    [2008/12/04 19:11:55 | 000,083,182 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\nvModes.001
    [2008/12/04 17:28:45 | 000,083,182 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\nvModes.dat
    [2008/12/04 15:30:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/12/04 14:25:28 | 000,129,024 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2009/11/22 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DigitalPersona
    [2009/11/22 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Genie-soft
    [2009/11/22 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Skinux
    [2009/11/22 13:42:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Teleca
    [2011/03/30 16:10:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WildTangent
    [2012/09/07 01:32:40 | 000,000,000 | ---D | M] -- C:\Users\LemTest\AppData\Roaming\DigitalPersona
    [2012/09/07 02:50:55 | 000,000,000 | ---D | M] -- C:\Users\LemTest\AppData\Roaming\uTorrent
    [2010/07/31 23:22:00 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\All Free 3GP Video Converter
    [2010/02/02 01:48:31 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Call Graph
    [2008/12/04 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\CiscoCAA
    [2008/12/06 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\CoreCodec
    [2010/08/08 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\DAEMON Tools
    [2012/01/07 23:54:57 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\DAEMON Tools Lite
    [2008/12/04 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\DigitalPersona
    [2011/10/02 02:19:06 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Dropbox
    [2010/07/28 17:19:55 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Eltima Software
    [2011/07/13 22:23:19 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Funambol
    [2010/08/09 16:21:27 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\HandBrake
    [2010/08/09 02:11:05 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Hide IP NG
    [2010/08/11 03:44:53 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\KC Softwares
    [2011/12/07 17:51:41 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Leadertech
    [2010/07/31 23:04:15 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\M3
    [2010/12/23 13:08:23 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Machete Lite
    [2010/10/16 00:29:37 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Maxthon2
    [2011/07/16 11:41:29 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Maxthon3
    [2011/05/02 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp
    [2010/09/24 03:37:34 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\MxBoost
    [2012/04/02 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\MyPhoneExplorer
    [2010/10/16 13:10:48 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Notepad++
    [2011/08/29 22:33:34 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\ooVoo Details
    [2010/08/24 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\PMS
    [2010/07/28 19:03:56 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Red Kawa
    [2010/01/30 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Sedna Wireless
    [2011/10/02 02:36:09 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Sony
    [2009/12/25 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Teleca
    [2008/12/05 01:23:51 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Template
    [2012/09/13 03:17:03 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\TeraCopy
    [2010/07/02 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\TomTom
    [2010/01/31 13:11:19 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Transparent
    [2012/09/07 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\uTorrent
    [2010/08/09 09:36:14 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\VS Revo Group
    [2009/05/28 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\WildTangent
    [2010/12/11 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Windows Live Writer
    [2011/10/02 16:55:36 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Xilisoft
    [2012/09/16 18:17:01 | 000,000,912 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000Core.job
    [2012/09/16 18:17:01 | 000,000,964 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000UA.job
    [2012/09/15 02:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002Core.job
    [2012/09/16 18:00:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002UA.job
    [2012/09/16 16:30:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/09/16 18:50:00 | 000,000,452 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40F61EB5-DC92-44E6-9DEF-98D70F237627}.job

    ========== Purity Check ==========


    < End of report >
     
  15. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    OTL Extras logfile created on: 16/09/2012 07:04:18 PM - Run 1
    OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Psycho Dunpeal\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00002C09 | Country: Trinidad and Tobago | Language: ENT | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.57% Memory free
    4.23 Gb Paging File | 2.30 Gb Available in Paging File | 54.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 219.42 Gb Total Space | 81.78 Gb Free Space | 37.27% Space Free | Partition Type: NTFS
    Drive D: | 13.46 Gb Total Space | 2.26 Gb Free Space | 16.77% Space Free | Partition Type: NTFS

    Computer Name: EVANGELION | User Name: Psycho Dunpeal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Classes\<extension>]
    .html [@ = RockMeltHTML] -- C:\Users\Psycho Dunpeal\AppData\Local\RockMelt\Application\rockmelt.exe (RockMelt, Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = A0 AE 1F AE 44 58 C9 01 [binary data]
    "VistaSp2" = CF 1B 23 92 3B 33 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "" =

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "" =
    "C:\Program Files (x86)\Vongo\VongoService.exe" = C:\Program Files (x86)\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)
    "" =
    "C:\Program Files (x86)\Vongo\VongoService.exe" = C:\Program Files (x86)\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
    "C:\Program Files (x86)\Call Graph\CallGraph.exe" = C:\Program Files (x86)\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)
    "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
    "C:\Program Files (x86)\Call Graph\CallGraph.exe" = C:\Program Files (x86)\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{084FDBA2-F64E-4AC5-863F-F82E318423EE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{08A50EC1-50A6-431C-AA62-774819529AF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1570F608-E135-4DA2-B3F9-338505B1D6B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{1AC1D77C-78D3-48FF-B062-1F3CF58144E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{1E95DA46-82D9-42BA-9E41-BFECBE6B66BF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{235F396B-8772-445E-BE68-7606AF95C624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{287FD753-F4A7-4828-AF79-613E159E645C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
    "{328894EF-B922-4E84-8502-7723CC9351B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{37228EEC-8724-43C8-AC0F-2ADB80044218}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{391ED8B7-7F5A-4BEB-B766-BD3103AB44F2}" = rport=139 | protocol=6 | dir=out | app=system |
    "{3A9116CF-BFC2-45E6-BA3B-48A589994310}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{4755139E-8495-4632-BEF9-5D4619B4C986}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{51CC1BE0-DA6B-4319-8D73-4A6EA7898E7E}" = lport=137 | protocol=17 | dir=in | app=system |
    "{57FC7427-4454-44E4-9BAA-B75F715D2224}" = rport=137 | protocol=17 | dir=out | app=system |
    "{61F30088-CC0D-475E-8ED2-5405AF437AD9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{671F0351-B5C5-4B2F-A811-0199E27B9E53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{672BA69C-2299-4B98-A7C6-8088E3E982E7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6909E75C-979D-434F-9CE4-0DA4B51BB5FF}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{6DBF2FE7-C5C7-4D31-8DE0-EFA2FBBEC8FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{752A2FAE-0FD9-4968-B48F-E7A2085DF430}" = rport=445 | protocol=6 | dir=out | app=system |
    "{76D907EE-3C7B-46CD-8081-3E48E918F663}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{81D88100-4E38-4778-817E-9EB3BCD18978}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{8E005436-0A60-4597-ACFD-3576011641E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9047007B-3D40-451B-8C1C-5E91D9951901}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{913E8511-5562-4A40-A39C-97CCA18F9190}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{97214CEF-51DF-4A19-B3FE-028BAEEDBA00}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A449F2BE-3685-4D38-9866-56C5C21CD9EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{A95D79E6-CC96-406D-8E4F-F197972C9203}" = lport=445 | protocol=6 | dir=in | app=system |
    "{AACF7181-BCDD-4134-8AB2-AD70B4988107}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{B85C3379-3C7F-415C-A300-8380F5EDDE53}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{BD8BCAE9-5975-4690-B13E-BC4088CF164D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{BE017871-9A92-4D79-858A-98F8D4F4455D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{C8628C80-A1F6-490E-8C28-37432EB36F2A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{C8DD3EE5-1ABA-4B6F-B50D-E2C5E361F315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{CDB00E4D-0333-4836-A823-15DB9C1BA558}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D0C8DE44-0D6B-4F4A-AFA0-8C86843CC6E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D18C96A1-C688-4C1F-BD36-B77F5354574F}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{D6D3F908-D103-4564-B22C-0148875D632E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{D9A5E656-1547-4A1D-8B6B-666F76FD34BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D9B8D247-CE63-40DA-A702-872D85127612}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E80F9945-8FA8-422E-A8A3-4C86EE4AB333}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EC3AEB5A-E738-464F-938C-319F860F888E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{EF8BCB2D-3057-4E62-A47A-10F56E1DE424}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{F159E57A-B7DB-407D-8B2F-3F8AF1A01B78}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F2457503-B070-4C49-BFEB-F4E882800628}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{F2A4BAD5-9F14-47BD-8134-93F9D05500EA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AB2892E-CA7D-4506-A3C1-942D8D1738E6}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
    "{0C82D38A-DEBB-4534-85E5-504A9C695A0B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{15E5B6EB-2DC6-4064-A5C1-E3FBBCB9C00C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{163549EC-3518-4924-9C75-1F186F7A722C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{165C1C59-79DC-4943-8B16-2E9F70C944B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{192E66D0-5573-4067-AF55-5BB86AF9E08A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{19ED98C1-D267-4F57-AEA0-DF585182B489}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{25A566C5-1543-41C0-A014-7EC2A91F9BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{282C6F69-00D7-408D-8DC1-DF18B7C6D2F9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{296D393E-5A01-40F1-9F79-73C5B0096A88}" = protocol=6 | dir=out | app=system |
    "{2ADB0250-5497-49F4-A27F-5FA60FE507A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{2BC7FF22-A250-44D0-B599-257C2E439533}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
    "{2C2DCD1D-2AD0-4A3B-AEB7-7D4BE379AC48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2E59DE41-626E-4631-A92B-FBB7980BF04E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2FA09651-2D71-48EB-9253-886D1290AB1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{314D16E3-F867-4E0D-AE70-579C5B9681D8}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{3B82AE15-A42D-479E-89AB-EC8AD1462E29}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{3BF0033D-9A38-40A7-B2D1-150897B32F1C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3C6C5DF7-A1A8-4D89-9ED4-A1942BDFAEEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3CDB692F-24E5-4135-8846-69EA627CB281}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3EE2EF9A-1135-49C3-AA20-DC807FEF30A5}" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\tversity\media server\mediaserver.exe |
    "{41BFBBC7-DA12-4B57-9378-AA9CDEF05669}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{42712392-0F01-49F2-8FA6-AFEE2F12BFA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{43D6351F-EAA6-4EA2-9BFB-1ECA2AB58FB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{541858B5-48AF-4968-9C3A-BF78BFEED329}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
    "{56F0F835-C795-4B8C-AC42-8E918547903C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{5B48305D-F2FD-4EA9-909B-D124C158ACD9}" = protocol=6 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
    "{5C95BB5D-4141-45ED-A60E-F8DC38E3D05E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{648BBA06-DF1E-44B6-8D6A-3B15BC1D9C05}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{65E78EA1-AD04-41BB-9A18-BE5CD30B0127}" = protocol=6 | dir=out | app=system |
    "{686FD117-1CFC-474A-9229-C64703A0C445}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{738BC406-D0AE-4BFB-85E1-72E4F97050C1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{764C521A-C461-4607-A837-FFF4AB65C4D9}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{77C633A9-ACDA-4C36-B7D8-BD8715ACB226}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{7CBE5B07-FF39-4D7D-AFED-1D1FC38F03D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7ECD4550-CB42-4085-92FC-C2AB473B6C7F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{83A17070-1BF9-40C4-930D-55F4984A68BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8544F3CF-1467-4897-BE78-D49DFFA4F895}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{888842C4-7714-4FE2-BF13-E7E1C8BECDDC}" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\tversity\media server\mediaserver.exe |
    "{96CBFD75-6A17-480E-B302-A2370893BE1A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{9CA336BE-E8D6-477D-A2A5-071E0DBB85E1}" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{9FB8202E-9387-4EC4-80F2-CD5FBC66A908}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A1695752-EB43-4A14-A547-1B76B9F974E9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{A4ABDB92-5EEA-41D5-B667-D620150CE659}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{A6D4372E-5980-42A8-AAC4-0E2D5769E5FB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AA7257A2-5D88-45E1-BB92-A19ACE5FB372}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
    "{ADF486CE-39CE-4738-BFAE-4488FEFEA108}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{AFBF49A6-A386-4437-9E7D-525A75A615E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B717A2B3-4481-4777-BA80-8CDB56624360}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{BA50BA66-4505-4404-A080-82006585EEE0}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
    "{BECBAF99-1B57-47AE-A569-2BE13ED80759}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
    "{C46AFEFB-7B9C-482B-B823-9DE4FB8955AE}" = protocol=17 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
    "{C4A03665-5452-4BD8-A0C9-910EA79D4EE0}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
    "{D0A189B1-A4C8-43CA-AC7A-532CCCEF03E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D27974C0-EFF9-4F11-9D1A-82636FD3BD1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D9A36EB5-D3F8-4E47-BDFF-C45F4CC01D21}" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\tversity\media server\mediaserver.exe |
    "{E2D32A75-32C4-4FC1-BE22-15843DE67523}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{E3D4ECA6-B820-48AC-888D-9CAF175151BC}" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{E67635A2-5FE9-4502-9018-5088597019D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EA834021-5069-42DB-9C73-E8D7AD6A4EF4}" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\tversity\media server\mediaserver.exe |
    "{EB82FB63-92AA-4CCF-9D0B-D409DC458042}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{EE89FEBD-43E2-42E4-897C-6DC90A341AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
    "{F3BA256B-E533-466B-A89E-4CC36BEA392E}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{F81D2A28-D27A-4123-AC8A-2C31A3595A96}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{FB051389-58DB-4B1B-A6DA-779880EE8299}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FBF96793-501E-456E-B094-579017E1D13C}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
    "TCP Query User{07ACD7EE-EEF6-4BBA-BB9C-D912CCDA1E47}C:\program files (x86)\keyholetv\keyholetv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\keyholetv\keyholetv.exe |
    "TCP Query User{261A80BD-4D0C-4996-B02A-50FE6DF0A628}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
    "TCP Query User{32866BE9-BF36-4C06-93E3-0938700528FB}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
    "TCP Query User{403BFFEA-002C-4783-B0C6-9025F89A45F3}C:\users\psycho dunpeal\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{49126CA2-F548-4EFE-A9A4-3867B97BD9C0}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe |
    "TCP Query User{502EA871-6E75-4C72-96E5-BB750C3EE765}C:\users\psycho dunpeal\appdata\local\rockmelt\application\rockmelt.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\rockmelt\application\rockmelt.exe |
    "TCP Query User{51F87DF1-7006-4218-AFA7-E16BEDE51AF4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{62CD31B1-09DD-408A-8C06-72FDD34CA979}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
    "TCP Query User{785A82A9-58A7-4803-B853-A063ABC25E85}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{7BC1D8A6-7062-490E-94C4-600F8C8C42B3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{81F8ABD1-753E-47CA-A4EA-3CBAF111A6F6}C:\program files (x86)\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe |
    "TCP Query User{89119939-C758-432A-B939-02FFFCB5245B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{8C435E8D-F256-4C43-93E2-0FE53F5D721A}C:\users\psycho dunpeal\appdata\roaming\maxthon2\maxthon.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\maxthon2\maxthon.exe |
    "TCP Query User{97CD1A08-93D6-4B6A-BD1F-49A3F36F927A}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
    "TCP Query User{A162A9F4-1226-491E-8B82-8C0603E5D207}C:\program files (x86)\call graph\callgraph.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call graph\callgraph.exe |
    "TCP Query User{B63A6E2D-472F-4E2B-9AB5-D92F206A0181}C:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe |
    "TCP Query User{C6D7F057-EC38-4217-9187-6CFC1E401EFE}C:\program files (x86)\keyholetv\keyholetv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\keyholetv\keyholetv.exe |
    "TCP Query User{CF9CEF57-D437-47CD-A06E-BBBDC004AAF3}C:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe |
    "TCP Query User{D56B63F7-1222-46DD-860C-D92D9483F6B8}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{D86A5CC6-D20D-4F13-90FF-C52A4B9D7A30}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
    "TCP Query User{EC6953FC-F57F-4661-929E-6D4D70CD0C83}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{EE6AE75C-0602-40C5-A141-755A16E926D7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "TCP Query User{F4F827A5-8C9F-42C0-AF62-C9B053FCB9F9}C:\program files (x86)\realvnc\vnc4\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\realvnc\vnc4\vncviewer.exe |
    "TCP Query User{FE946B54-C732-42B1-8FC4-EDFE68F1322D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{0A3AFF44-75B2-46E3-8B07-A83184ABECDA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{117130E6-E56B-4E78-AE34-97FA1BCAD7E2}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{11845E98-BDFD-47E6-9F8E-9338642CED54}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{1D1CDB75-169F-44DC-A829-6A7D5856FD7D}C:\program files (x86)\keyholetv\keyholetv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\keyholetv\keyholetv.exe |
    "UDP Query User{233FF218-CEDB-427D-AF7C-00F5A882415E}C:\users\psycho dunpeal\appdata\roaming\maxthon2\maxthon.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\maxthon2\maxthon.exe |
    "UDP Query User{3142719F-3CF4-4B07-8BEF-9708C03FC09F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{4AFEAB1A-B9E2-43A1-8165-3F8EDBE908E9}C:\users\psycho dunpeal\appdata\local\rockmelt\application\rockmelt.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\rockmelt\application\rockmelt.exe |
    "UDP Query User{4E613889-3266-412D-B306-9E16C29F9E67}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{54007B65-8F22-4023-B8D4-C17C3689DB86}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
    "UDP Query User{54B6AB3E-3A1C-4340-BD80-D032F267A14A}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe |
    "UDP Query User{5AE7DC8A-58EB-4B76-BDAC-50C997DABF27}C:\program files (x86)\realvnc\vnc4\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\realvnc\vnc4\vncviewer.exe |
    "UDP Query User{6F64AB8E-9FD2-41DD-A77D-1084E548A0DC}C:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{76D00219-75B1-4AF1-9B7F-59B1D9CBE6D0}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
    "UDP Query User{8DDD6206-AAF4-4F9D-9DB5-6CB8F80B21CD}C:\program files (x86)\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe |
    "UDP Query User{98669BB7-5379-4007-AE58-0EA8FB412451}C:\program files (x86)\call graph\callgraph.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call graph\callgraph.exe |
    "UDP Query User{A279343B-C27E-489A-A454-2348110595BE}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
    "UDP Query User{A4850744-1A51-4486-BDDE-2B6EBF8CF548}C:\program files (x86)\keyholetv\keyholetv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\keyholetv\keyholetv.exe |
    "UDP Query User{AAFC4209-47B1-461C-A7C3-1ABABB168858}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
    "UDP Query User{BA759497-9799-455C-ABFF-D8ADE806AA5E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{CD5C482B-A12B-4420-AB77-DA620B1BBB82}C:\users\psycho dunpeal\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{CEEF58FC-9EAD-487F-B791-4A8D9AA3B31D}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
    "UDP Query User{D65AE374-9939-4FFD-96F5-335AFA9E725F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{D8372218-E410-4667-99AE-46EAC5D174B0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{EA7CA599-58B8-44BA-8765-05452E092FEA}C:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{02DF3F55-D68C-44A2-8EAC-9988533BF681}" = Sun VirtualBox
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{32939827-d8e5-470a-b126-870db3c69fd0}" = Python 2.7.1 (64-bit)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{5FCF5515-4CC4-4812-8C9A-755336AB85F8}" = Logitech Motion Detector Gadget
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
    "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{91AF9255-01D7-4F8C-960B-CA2F4C8E7C99}" = Logitech QuickCapture Gadget
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AF2CB1FE-FD46-4D85-8C63-5C46E825E177}" = Logitech QuickCam
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D611B241-28A0-4937-AF86-17565CAF9807}" = PC Suite for Sony Ericsson x64
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
    "Defraggler" = Defraggler
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
    "Puran Defrag_is1" = Puran Defrag 7.5
    "Recuva" = Recuva
    "Revo Uninstaller Pro Retail zoo_is1" = Revo Uninstaller Pro 2.4.1
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeraCopy_is1" = TeraCopy 2.12
    "UltSounds" = Windows Sound Schemes
    "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
     
  16. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{00C908A6-8038-4101-909C-575D8B83B57D}" = PS3ThemeCreator
    "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
    "{34EF7358-ABC7-8469-5FB6-C5C0146F099E}" = Media Go Video Playback Engine 1.84.111.07020
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{4586796C-C820-41FD-81FA-BF5AD8129C13}_is1" = Uninstall CDisplay
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{5A227323-822D-4C45-A89A-200701051990}" = yacib Portable Mp3
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{77EC0035-AFBA-4A8C-814A-6A887224C1A1}" = DeskScapes
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
    "{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}" = Vongo
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91E4F832-C899-406D-B620-6138AFB88D14}" = Machete Lite 3.6
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{AE010403-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
    "{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF9DB6BD-09B6-419C-BA2B-CBCD05291790}" = BE Limited III
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
    "{E371C150-A9F1-49CE-ACC1-51AEFD01C1D5}_is1" = TurboTax Audit Support Center 3.0
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{EC07DA92-5054-4F0F-AA63-6B50441AF45B}" = LightScribe Diagnostic Utility
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.030
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "AviSynth" = AviSynth 2.5
    "BE Limited III" = BE Limited III
    "Call Graph" = Call Graph
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "CDisplay_is1" = CDisplay 1.8
    "Cisco Connect" = Cisco Connect
    "CleanUp!" = CleanUp!
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "DeskScapes" = DeskScapes
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
    "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.12.602
    "Google Chrome" = Google Chrome
    "HaaliMkx" = Haali Media Splitter
    "Handbrake" = Handbrake 0.9.4
    "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    "HMIP50_is1" = Hide My IP 5.3
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "KC Softwares SUMo_is1" = KC Softwares SUMo
    "KeyFinder_is1" = Magical Jelly Bean KeyFinder
    "KeyHoleTV" = KeyHoleTV
    "LogonStudio Vista" = LogonStudio Vista
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Maxthon3" = Maxthon 3
    "Messenger Plus!" = Messenger Plus! 5
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
    "MPE" = MyPhoneExplorer
    "Notepad++" = Notepad++
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.VISIO" = Microsoft Visio Premium 2010
    "PowerISO" = PowerISO
    "PSP Video 9" = PSP Video 9 5.04
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "SHARP MX-M550 620 700 Series PC-Fax Driver" = SHARP MX-M550/620/700 Series PC-Fax Driver
    "SHARP PCL6 T1 Printer Driver" = SHARP PCL6 T1 Printer Driver
    "SHARP PS T1 Printer Driver" = SHARP PS T1 Printer Driver
    "Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
    "Soundman_is1" = Soundman 1.7.0
    "SpeedFan" = SpeedFan (remove only)
    "The Core Media Player" = The Core Media Player 4.0
    "TomTom HOME" = TomTom HOME 2.7.6.2056
    "TVersity Codec Pack" = TVersity Codec Pack 1.4
    "TVersity Media Server" = TVersity Media Server 1.9.3
    "Universal Extractor_is1" = Universal Extractor 1.6.1
    "Update Engine" = Sony Ericsson Update Engine
    "Update Service" = Sony Ericsson Update Service
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "VLC media player" = VLC media player 1.1.11
    "WildTangent hp Master Uninstall" = My HP Games
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "magicJack" = magicJack
    "MusicManager" = Music Manager
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "RockMelt" = RockMelt
    "uTorrent" = µTorrent
    "WinDirStat" = WinDirStat 1.1.2
    "Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 15/09/2012 05:29:25 PM | Computer Name = Evangelion | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 29017

    Error - 15/09/2012 05:29:25 PM | Computer Name = Evangelion | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 29017

    Error - 16/09/2012 03:02:04 AM | Computer Name = Evangelion | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 16/09/2012 03:02:13 AM | Computer Name = Evangelion | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 16/09/2012 03:25:45 AM | Computer Name = Evangelion | Source = MsiInstaller | ID = 11606
    Description =

    Error - 16/09/2012 03:25:45 AM | Computer Name = Evangelion | Source = MsiInstaller | ID = 11606
    Description =

    Error - 16/09/2012 03:25:45 AM | Computer Name = Evangelion | Source = MsiInstaller | ID = 1024
    Description =

    Error - 16/09/2012 05:48:30 PM | Computer Name = Evangelion | Source = Perflib | ID = 1023
    Description =

    Error - 16/09/2012 05:48:39 PM | Computer Name = Evangelion | Source = Perflib | ID = 1008
    Description =

    Error - 16/09/2012 05:48:39 PM | Computer Name = Evangelion | Source = Perflib | ID = 1023
    Description =

    [ DigitalPersona Pro Events ]
    Error - 01/07/2010 09:09:12 AM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
    Description = Agent cannot start. Description: Found other running Agent.

    Error - 06/07/2010 04:43:51 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
    Description = Agent cannot start. Description: Found other running Agent.

    Error - 07/07/2010 02:03:35 AM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
    Description = Agent cannot start. Description: Found other running Agent.

    Error - 20/07/2010 01:00:04 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
    Description = Agent cannot start. Description: Found other running Agent.

    Error - 22/07/2010 12:31:26 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
    Description = Agent cannot start. Description: Found other running Agent.

    Error - 15/08/2010 10:40:10 AM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 25/03/2011 03:55:59 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 25/03/2011 03:56:10 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 30/03/2011 08:15:52 AM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 08/09/2012 01:53:12 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    [ System Events ]
    Error - 16/09/2012 04:57:19 PM | Computer Name = Evangelion | Source = HTTP | ID = 15021
    Description =

    Error - 16/09/2012 04:58:52 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7023
    Description =

    Error - 16/09/2012 04:58:52 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7023
    Description =

    Error - 16/09/2012 04:59:05 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7026
    Description =

    Error - 16/09/2012 04:59:41 PM | Computer Name = Evangelion | Source = DCOM | ID = 10016
    Description =

    Error - 16/09/2012 05:02:31 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7009
    Description =

    Error - 16/09/2012 05:02:31 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/09/2012 05:02:31 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/09/2012 05:06:47 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7022
    Description =

    Error - 16/09/2012 05:23:24 PM | Computer Name = Evangelion | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    ==================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  18. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4411094 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 607 bytes

    User: LemTest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 897172 bytes
    ->Google Chrome cache emptied: 9005387 bytes
    ->Flash cache emptied: 647 bytes

    User: Psycho Dunpeal
    ->Temp folder emptied: 1556499 bytes
    ->Temporary Internet Files folder emptied: 7435030 bytes
    ->Java cache emptied: 14846465 bytes
    ->FireFox cache emptied: 48756244 bytes
    ->Google Chrome cache emptied: 36747088 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 871375 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1254 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 119.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: LemTest

    User: Psycho Dunpeal
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LemTest
    ->Flash cache emptied: 0 bytes

    User: Psycho Dunpeal
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.61.5 log created on 09172012_023841

    Files\Folders moved on Reboot...
    C:\Users\Psycho Dunpeal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Psycho Dunpeal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC3MP1O7\01[1].htm not found!
    File\Folder C:\Users\Psycho Dunpeal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC3MP1O7\ADSAdClient31[1].htm not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  19. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    Results of screen317's Security Check version 0.99.51
    Windows Vista Service Pack 2 x64
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Desktop
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 26
    Java(TM) 6 Update 2
    Java version out of Date!
    Adobe Flash Player11.3.300.271
    Adobe Reader 9 Adobe Reader out of Date!
    Adobe Reader X (10.1.4)
    Mozilla Firefox 4.0b7 Firefox out of Date!
    Google Chrome 20.0.1132.57
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSASCui.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Windows Defender MSASCui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````
    Farbar Service Scanner Version: 06-08-2012
    Ran by Psycho Dunpeal (administrator) on 17-09-2012 at 03:38:11
    Running from "C:\Users\Psycho Dunpeal\Desktop"
    Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2009-09-11 06:22] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
    C:\Windows\System32\drivers\afd.sys
    [2012-02-16 01:40] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-09 17:31] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A
    C:\Windows\System32\dnsrslvr.dll
    [2011-04-14 07:31] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
    C:\Windows\System32\mpssvc.dll
    [2009-09-11 07:21] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
    C:\Windows\System32\bfe.dll
    [2009-09-11 07:15] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe
    [2009-09-11 07:22] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
    C:\Windows\System32\wscsvc.dll
    [2009-09-11 07:14] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
    C:\Windows\System32\wbem\WMIsvc.dll
    [2009-09-11 07:19] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll
    [2009-09-11 06:21] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
    C:\Windows\System32\es.dll
    [2009-09-11 06:21] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 09:43] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-09-11 06:22] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
    **** End of log ****
     
  20. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    # AdwCleaner v2.002 - Logfile created 09/17/2012 at 03:40:18
    # Updated 16/09/2012 by Xplode
    # Operating system : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
    # User : Psycho Dunpeal - EVANGELION
    # Boot Mode : Normal
    # Running from : C:\Users\Psycho Dunpeal\Desktop\adwcleaner.exe
    # Option [Search]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Folder Found : C:\Program Files (x86)\Viewpoint
    Folder Found : C:\ProgramData\Viewpoint
    Folder Found : C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
    ***** [Registry] *****
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\Software\Viewpoint
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@predictad.com]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v4.0 (en-US)
    Profile name : default
    File : C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\prefs.js
    Found : user_pref("surfcanyon.inst_id", "48635958149902065897820525257387");
    Found : user_pref("surfcanyon.inst_timestamp", "1302457567253");
    Found : user_pref("surfcanyon.last_seen_splash", "330");
    Found : user_pref("surfcanyon.partner_code", "MZ");
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    File : C:\Users\LemTest\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [3637 octets] - [17/09/2012 03:40:18]
    ########## EOF - C:\AdwCleaner[R1].txt - [3697 octets] ##########
     
  21. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Still waiting for Eset log.
     
  22. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    It didn't find any threats, so there was no option to export and no log was created.
     
  23. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Well, I surely can't know if you won't tell me :)

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ===========================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
     
  24. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 100

    OK, it took me a while but I did the steps. However, stupidly, the resulting logs from both AdwCleaner and OTL got lost... because my computer did some weird thing with Windows Update and shut down as it restarted, so I could not save the contents, and when I uninstalled AdwCleaner I did not know it would have deleted the log as well... so I went searching for it and could not find it. I apologize... but I got everything done. Thank you very much... it runs a bit better... it still takes long to boot and shut down, but I'm not sure why.
     
  25. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     

