Solved Hello,

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/09/2012 07:27:59 PM in x64 mode.
Windows Version: Windows 7
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!

Performing miscellaneous checks.
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Restarting Explorer.exe in order to apply changes.
Program finished at: 08/09/2012 07:28:13 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
 
All looks good :)

Any current issues?

=================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I dont see anymore pop up that I have trojan,Im running now the malware,and after I will download the OTL,my problem is the eset(cracked version) anti virus I have I cannot update,do you know a good free anti virus that I can use?Thanks
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.09.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Evelyn :: EVELYN-PC [administrator]
09/08/2012 7:36:32 PM
mbam-log-2012-08-09 (19-36-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216020
Time elapsed: 2 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.39% Memory free
7.88 Gb Paging File | 5.93 Gb Available in Paging File | 75.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 759.69 Gb Free Space | 82.90% Space Free | Partition Type: NTFS

Computer Name: EVELYN-PC | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 19:43:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Evelyn\Desktop\OTL.exe
PRC - [2012/07/26 18:53:36 | 002,584,068 | ---- | M] (NCH Software) -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
PRC - [2012/07/25 09:18:46 | 003,515,840 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/07/06 16:37:35 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/06 16:37:34 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/06/17 07:15:18 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/06/04 19:10:13 | 000,499,312 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2012/06/04 19:10:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/04 16:16:24 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/05/31 04:53:02 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/17 15:18:44 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/16 18:19:11 | 003,634,000 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/10/27 11:02:12 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/08/18 17:42:30 | 000,093,880 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe
PRC - [2011/08/10 23:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/20 14:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/05/20 14:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/05/11 19:59:36 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
PRC - [2011/05/11 19:59:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/04/22 12:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/02 17:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011/03/28 22:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2011/03/28 22:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2011/03/24 03:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe
PRC - [2011/02/01 01:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 01:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/25 08:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/05/06 14:08:52 | 000,153,416 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/01 18:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/10/30 20:52:32 | 000,531,784 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2007/10/30 19:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2007/05/15 17:34:00 | 003,975,848 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME\TomTomHOME.exe
PRC - [2007/05/07 14:07:08 | 000,435,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/03/05 08:40:25 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/06 16:37:36 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/06 16:37:34 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/06 16:37:33 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/06/16 19:34:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/16 19:34:32 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/01 03:34:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/01 03:34:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/01 03:34:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/01 03:34:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/01 03:33:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/10 23:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/10 23:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2011/06/17 11:46:04 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/06/17 11:46:02 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2011/06/17 11:46:02 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/05/20 14:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/05/20 14:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2007/11/01 18:13:08 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
MOD - [2007/10/30 19:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007/05/07 14:07:08 | 000,435,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
MOD - [2007/04/25 05:12:25 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.Monitor.Core.dll
MOD - [2007/04/25 05:12:25 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.Monitor.Common.dll
MOD - [2007/04/25 05:11:29 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/03/23 15:41:43 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiscw.dll
MOD - [2007/03/05 10:45:25 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdidatr.dll
MOD - [2007/03/05 08:41:15 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/03/05 08:40:22 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdicats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/04/22 12:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/04/26 11:38:59 | 000,876,976 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007/04/26 11:38:48 | 000,033,712 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2012/08/03 11:08:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/26 18:53:36 | 002,584,068 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2012/07/06 16:37:35 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/06/04 16:16:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/16 18:19:05 | 000,196,944 | R--- | M] () [Auto | Running] -- C:\ProgramData\Clickfree\FullImagingBackup\FullImagingService.exe -- (FullImagingService)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/06/17 14:55:55 | 000,036,688 | ---- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe -- (FibUacService)
SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/02 17:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/02/01 01:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 01:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/26 11:38:48 | 000,033,712 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/04/26 11:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/25 21:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/21 11:52:39 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/07/21 11:52:39 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/07/21 11:52:39 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/14 01:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 01:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/30 02:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/30 02:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/11 19:59:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/04/18 23:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/03/06 09:52:22 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/16 05:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/31 04:04:40 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/24 16:19:18 | 000,033,144 | ---- | M] (simonowen.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdrawcmd.sys -- (fdrawcmd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{02EB0A42-2575-4E27-AB43-8B1A5785D0D7}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=67CF3A52-4C16-4220-9868-32BF2550CDC0
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{03A83AB9-49ED-4C60-BEF4-F38ED722839D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...P_def&mntrId=9a1136d900000000000074de2b473652
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{35A11D2C-5CB8-4BE3-AB87-029579390F8A}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&...120401BE904DCF8AB4759995B4BC91&q={searchTerms}
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...425a477ed&lang=en&ds=ft011&pr=sa&d=2012-07-06 16:37:36&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{C1E37FDD-2E9A-4BCD-99F5-70D03590AFE6}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT1060933.browser.search.defaultthis.engineName: true
FF - prefs.js..CT2801948.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=41648001&gct=hp"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Evelyn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Evelyn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Evelyn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/08/06 18:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 18:26:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/06 16:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/16 23:52:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/06 18:14:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Evelyn\AppData\Roaming\IDM\idmmzcc5 [2012/07/26 08:42:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Evelyn\AppData\Roaming\IDM\idmmzcc5 [2012/07/26 08:42:47 | 000,000,000 | ---D | M]

[2012/08/06 20:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Extensions
[2012/02/01 23:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\extensions
[2012/02/01 23:19:49 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/08/09 18:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions
[2012/04/01 10:20:59 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/07/27 17:57:00 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2012/06/27 22:01:25 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/07/26 18:54:46 | 000,000,000 | ---D | M] (NCH EN) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012/07/16 23:52:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/27 17:57:01 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/07/16 23:01:44 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/07/13 13:31:48 | 000,000,000 | ---D | M] ("TimeLineRemove.Com") -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
[2012/07/27 18:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\extensions\staged
[2012/08/02 23:01:44 | 000,002,343 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\searchplugins\askcom.xml
[2012/07/27 17:58:11 | 000,000,905 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\searchplugins\conduit.xml
[2012/07/16 23:01:41 | 000,002,519 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\searchplugins\Search_Results.xml
[2012/08/06 20:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/16 23:52:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/06 16:37:33 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/06 14:00:30 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/07/16 23:52:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/01 10:21:00 | 000,002,127 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012/07/16 23:01:41 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/07/16 23:52:33 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - homepage: http://www.ask.com/?l=dis&o=41648001cr&gct=hp

O1 HOSTS File: ([2012/08/09 18:53:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EMBIRD64.Searcher] C:\Program Files\EMBIRD64\SEARCHER.EXE ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
O4:64bit: - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Blubster] C:\Program Files (x86)\Blubster\Blubster.exe SILENT File not found
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EverioService] C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files (x86)\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME\TomTomHOME.exe (TomTom)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000..\Run: [FibReminder] c:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe (Storage Appliance Corp.)
O4 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2446362139-3295246480-1608073123-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://acer.custhelp.com/euf/assets/activex/snret.cab (SNRet Control)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{742F1CBF-C007-448D-A2C0-2E99C2452101}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE0D6781-4DD9-49F7-9131-0C1832EB5130}: DhcpNameServer = 64.71.255.198
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 19:43:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Evelyn\Desktop\OTL.exe
[2012/08/09 19:00:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/09 18:53:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/08 13:30:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/08 13:30:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/08 13:30:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/08 13:25:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/08 13:25:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/08 13:20:45 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Evelyn\Desktop\ComboFix.exe
[2012/08/08 12:58:33 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Desktop\rkill-backup
[2012/08/08 12:58:14 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Evelyn\Desktop\rkill.exe
[2012/08/07 23:42:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Evelyn\Desktop\dds.EXE
[2012/08/07 19:24:01 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\{28E9E201-9E6F-442C-B6BE-D60C21DC7C06}
[2012/08/07 19:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Clickfree
[2012/08/07 09:30:23 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Documents\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)
[2012/08/06 19:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/06 19:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/06 19:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/06 18:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/08/06 18:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/08/06 17:24:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/06 11:35:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2012/08/06 11:35:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2012/08/06 11:35:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2012/08/06 11:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blubster
[2012/08/06 11:12:54 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Embroidery Deduper
[2012/08/06 11:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embroidery Deduper
[2012/08/06 11:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Embroidery Deduper
[2012/08/03 10:32:22 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Embird 2012 (64-bit)
[2012/08/03 10:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\EMBIRD64
[2012/08/03 10:31:25 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\EMBIRD64
[2012/08/02 23:10:19 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\Applian FLV and Media Player
[2012/08/02 23:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2012/08/02 23:01:19 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\APN
[2012/07/26 18:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH_EN
[2012/07/25 09:20:40 | 000,158,944 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/07/23 22:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/07/21 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\{8D1BAA02-25CA-4996-AC23-E876186EA29E}
[2012/07/20 22:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012/07/20 07:36:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/19 22:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2012/07/19 18:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/07/19 18:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/07/19 18:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
[2012/07/19 18:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/07/19 18:21:57 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\NCH Software
[2012/07/19 17:06:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/07/19 17:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012/07/19 16:50:06 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\{83BB2442-3862-40E7-A041-3E1F0EFBA4B1}
[2012/07/19 16:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2012/07/19 10:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/18 18:54:15 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Desktop\New folder
[2012/07/18 18:52:35 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Desktop\tagalog song
[2012/07/18 18:51:38 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Desktop\music 2
[2012/07/17 00:08:20 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\AVS4YOU
[2012/07/17 00:08:12 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/07/17 00:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/07/17 00:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012/07/17 00:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/07/17 00:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012/07/16 23:01:43 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\jZip
[2012/07/16 23:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
[2012/07/16 23:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/16 23:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2012/07/16 23:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2012/07/16 18:38:59 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Documents\iSkysoft Video Converter
[2012/07/16 18:38:59 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\iSkysoft Video Converter
[2012/07/16 18:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[2012/07/16 18:38:52 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2012/07/16 18:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2012/07/14 16:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2012/07/14 16:57:43 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\BlueSprig
[2012/07/14 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\IObit
[2012/07/14 16:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/07/14 16:45:38 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\{ADA57C40-8D59-4408-B4C1-E412A84FA768}
[2012/07/14 13:51:01 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\{B40D2DDA-BEB0-4FAE-8C30-CE397F10DCBC}
[2012/07/11 20:04:25 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\IDM
[2012/07/11 20:04:25 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\DMCache
[2012/07/11 20:04:23 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/07/11 20:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/07/11 20:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2012/07/11 20:03:44 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Documents\idman612b
[2012/07/10 21:48:24 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\iWin

========== Files - Modified Within 30 Days ==========

[2012/08/09 19:43:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Evelyn\Desktop\OTL.exe
[2012/08/09 19:26:46 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2446362139-3295246480-1608073123-1000UA.job
[2012/08/09 19:26:45 | 000,002,424 | ---- | M] () -- C:\Users\Evelyn\Desktop\Google Chrome.lnk
[2012/08/09 19:21:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 19:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 19:02:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 19:02:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 18:53:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/09 18:53:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 18:53:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 18:53:09 | 3173,076,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 17:59:29 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Evelyn\Desktop\ComboFix.exe
[2012/08/08 21:26:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2446362139-3295246480-1608073123-1000Core.job
[2012/08/08 12:58:04 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Evelyn\Desktop\rkill.exe
[2012/08/08 11:40:00 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/08 11:40:00 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/08 11:40:00 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/07 23:42:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Evelyn\Desktop\dds.EXE
[2012/08/06 20:22:28 | 000,031,509 | ---- | M] () -- C:\Windows\wininit.ini
[2012/08/06 19:59:27 | 000,001,290 | ---- | M] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/06 19:59:27 | 000,001,266 | ---- | M] () -- C:\Users\Evelyn\Desktop\Spybot - Search & Destroy.lnk
[2012/08/06 18:19:52 | 000,002,517 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2012/08/06 11:23:44 | 000,001,085 | ---- | M] () -- C:\Users\Evelyn\Desktop\Embroidery Deduper.lnk
[2012/08/03 15:21:08 | 1429,334,509 | ---- | M] () -- C:\Users\Evelyn\Desktop\The Expendables 2010.wmv
[2012/08/03 14:30:11 | 000,000,267 | ---- | M] () -- C:\Windows\password.klc
[2012/08/03 13:16:22 | 000,000,271 | ---- | M] () -- C:\password.klc
[2012/08/03 10:32:48 | 000,051,866 | ---- | M] (Simon Owen) -- C:\Windows\FdUninstall.exe
[2012/08/03 10:32:39 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Embird Quick Searcher (64-bit).lnk
[2012/08/03 10:32:39 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Embird Clip Image (64-bit).lnk
[2012/08/03 10:32:39 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Embird 2012 (64-bit).lnk
[2012/08/02 23:01:46 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2012/07/29 12:33:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 13:46:04 | 2026,027,069 | ---- | M] () -- C:\Users\Evelyn\Desktop\Horrible Bosses {2011} DVDRIP. Jaybob.wmv
[2012/07/27 21:48:56 | 1548,024,129 | ---- | M] () -- C:\Users\Evelyn\Desktop\Resident Evil.wmv
[2012/07/26 18:55:35 | 000,000,009 | ---- | M] () -- C:\END
[2012/07/26 18:54:25 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2012/07/26 18:53:36 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\BroadCam Video Streaming Server.lnk
[2012/07/26 18:53:26 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2012/07/26 18:51:55 | 2478,476,745 | ---- | M] () -- C:\Users\Evelyn\Desktop\Alvin And The Chipmunks Chipwrecked 2012.wmv
[2012/07/26 12:30:59 | 1526,293,777 | ---- | M] () -- C:\Users\Evelyn\Desktop\the dark knight rises 2012.wmv
[2012/07/25 21:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/07/23 22:33:51 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Prism Video File Converter.lnk
[2012/07/20 22:02:34 | 000,038,950 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\ExpressZip.dmp
[2012/07/20 22:02:30 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Express Rip.lnk
[2012/07/20 07:36:32 | 467,072,005 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/19 22:42:03 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
[2012/07/19 18:22:00 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Disketch Disc Label Software.lnk
[2012/07/19 17:06:33 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012/07/19 16:30:36 | 000,007,168 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 16:28:49 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/07/19 10:36:06 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/17 00:08:13 | 000,001,301 | ---- | M] () -- C:\Users\Evelyn\Desktop\AVS4YOU Software Navigator.lnk
[2012/07/16 23:01:41 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2012/07/16 23:01:41 | 000,000,927 | ---- | M] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2012/07/16 18:38:55 | 000,001,275 | ---- | M] () -- C:\Users\Evelyn\Desktop\iSkysoft Video Converter.lnk
[2012/07/11 08:20:12 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 21:41:15 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2012/07/10 21:22:03 | 000,002,360 | ---- | M] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk
[2012/07/10 21:22:03 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro Photo X2.lnk

========== Files Created - No Company Name ==========

[2012/08/08 13:30:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/08 13:30:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/08 13:30:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/08 13:30:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/08 13:30:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/06 19:59:27 | 000,001,290 | ---- | C] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/06 19:59:27 | 000,001,266 | ---- | C] () -- C:\Users\Evelyn\Desktop\Spybot - Search & Destroy.lnk
[2012/08/06 11:35:44 | 000,002,517 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2012/08/06 11:12:55 | 000,001,085 | ---- | C] () -- C:\Users\Evelyn\Desktop\Embroidery Deduper.lnk
[2012/08/03 14:47:32 | 1429,334,509 | ---- | C] () -- C:\Users\Evelyn\Desktop\The Expendables 2010.wmv
[2012/08/03 13:19:19 | 000,000,267 | ---- | C] () -- C:\Windows\password.klc
[2012/08/03 10:32:39 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Embird Quick Searcher (64-bit).lnk
[2012/08/03 10:32:39 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Embird Clip Image (64-bit).lnk
[2012/08/03 10:32:39 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Embird 2012 (64-bit).lnk
[2012/08/03 10:32:33 | 000,000,165 | ---- | C] () -- C:\Windows\WINÙS…ÏÈ.INI
[2012/08/02 23:01:46 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2012/07/28 13:26:44 | 2026,027,069 | ---- | C] () -- C:\Users\Evelyn\Desktop\Horrible Bosses {2011} DVDRIP. Jaybob.wmv
[2012/07/27 21:17:17 | 1548,024,129 | ---- | C] () -- C:\Users\Evelyn\Desktop\Resident Evil.wmv
[2012/07/26 18:55:35 | 000,000,009 | ---- | C] () -- C:\END
[2012/07/26 18:54:25 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
[2012/07/26 18:54:25 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2012/07/26 18:53:36 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\BroadCam Video Streaming Server.lnk
[2012/07/26 18:53:36 | 000,001,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BroadCam Video Streaming Server.lnk
[2012/07/26 18:53:26 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2012/07/26 18:53:26 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2012/07/26 18:32:42 | 2478,476,745 | ---- | C] () -- C:\Users\Evelyn\Desktop\Alvin And The Chipmunks Chipwrecked 2012.wmv
[2012/07/26 12:17:36 | 1526,293,777 | ---- | C] () -- C:\Users\Evelyn\Desktop\the dark knight rises 2012.wmv
[2012/07/23 22:33:51 | 000,001,126 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2012/07/23 22:33:51 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Prism Video File Converter.lnk
[2012/07/20 22:02:33 | 000,038,950 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\ExpressZip.dmp
[2012/07/20 22:02:30 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip.lnk
[2012/07/20 22:02:30 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Express Rip.lnk
[2012/07/20 07:36:32 | 467,072,005 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/19 22:42:03 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
[2012/07/19 22:42:03 | 000,001,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression Software.lnk
[2012/07/19 18:22:00 | 000,001,168 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disketch Disc Label Software.lnk
[2012/07/19 18:22:00 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Disketch Disc Label Software.lnk
[2012/07/19 17:06:33 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012/07/19 16:29:43 | 000,007,168 | ---- | C] () -- C:\Users\Evelyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 10:36:06 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/17 00:08:13 | 000,001,301 | ---- | C] () -- C:\Users\Evelyn\Desktop\AVS4YOU Software Navigator.lnk
[2012/07/16 23:01:41 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2012/07/16 23:01:41 | 000,000,927 | ---- | C] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2012/07/16 18:38:55 | 000,001,275 | ---- | C] () -- C:\Users\Evelyn\Desktop\iSkysoft Video Converter.lnk
[2012/07/16 18:38:54 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\IS_VideoConverterContextMenu.dll
[2012/07/16 18:38:52 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2012/07/16 18:38:52 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012/07/10 21:41:15 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/12/31 15:04:14 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/12/31 14:55:21 | 000,000,042 | ---- | C] () -- C:\Windows\PCSPATS.DAT
[2011/12/31 14:55:06 | 000,343,040 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2011/12/31 14:55:06 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2011/12/29 19:46:43 | 000,000,120 | ---- | C] () -- C:\Windows\WINRESAZ.INI
[2011/12/29 19:17:31 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2011/12/29 19:17:30 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2011/12/29 19:17:30 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2011/12/29 19:17:29 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2011/12/29 19:17:28 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2011/12/29 19:17:26 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2011/12/29 19:17:26 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2011/12/29 19:17:25 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2011/12/29 19:17:25 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2011/12/29 19:17:25 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2011/12/29 19:17:24 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2011/12/29 19:17:24 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2011/12/29 19:17:23 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2011/12/29 19:17:23 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2011/12/29 19:17:19 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2011/12/29 19:17:18 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2011/12/29 19:17:18 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2011/12/27 22:01:30 | 000,031,509 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/21 12:02:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/21 12:02:32 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/21 12:02:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/08/03 14:07:56 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Applian FLV and Media Player
[2012/04/04 20:32:13 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\asoftech
[2012/07/14 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\BlueSprig
[2012/02/04 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Canon
[2012/08/09 18:52:38 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\DMCache
[2011/12/29 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\EMBIRD32
[2011/12/31 17:03:33 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\EMBIRD32_STUDIO_N
[2012/08/03 13:16:29 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\EMBIRD64
[2012/07/31 09:27:00 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\IDM
[2012/07/14 12:42:51 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\ImgBurn
[2012/07/14 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\IObit
[2012/07/16 18:38:59 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\iSkysoft Video Converter
[2012/07/10 21:48:24 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\iWin
[2011/12/30 21:55:39 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Lexmark Productivity Studio
[2011/12/27 20:18:02 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\OEM
[2012/07/14 13:54:14 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\PowerCinema
[2012/07/06 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Replay Media Catcher 4
[2012/08/09 19:45:21 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\uTorrent
[2012/03/29 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Windows Live Writer
[2012/06/21 18:31:39 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
OTL Extras logfile created on: 8/9/2012 7:45:00 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Evelyn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.39% Memory free
7.88 Gb Paging File | 5.93 Gb Available in Paging File | 75.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 759.69 Gb Free Space | 82.90% Space Free | Partition Type: NTFS

Computer Name: EVELYN-PC | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2446362139-3295246480-1608073123-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{415BBDBF-6BD0-4A20-A2DC-726701DD1C29}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B3D702F4-3187-4CE3-A443-7754EFC4B664}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{060B88CF-FB35-40DA-8D06-6203448AD636}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"TCP Query User{7763AE58-88D4-4D67-A6F4-37B9E8B8B47F}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{7E4CC234-0CC2-40F8-B8C7-1CEE748EC192}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"TCP Query User{E8665DD8-146D-431F-AF70-2AE7098FD016}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{1AC464F2-59FE-4922-B344-1465DBCE95BD}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"UDP Query User{30F987CD-099C-49D3-B8DB-F091E88B84EF}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{4ED7FD68-D0C5-45DB-B061-1DDC944F23B5}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"UDP Query User{B593E35C-7199-436B-B91D-AED377B786E4}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{5972F3C3-5563-47D2-BEE3-1AFEBDD17DA2}" = ESET NOD32 Antivirus
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"Embird 2012 (64-bit)" = Embird 2012 (64-bit)
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TimeLineRemove_is1" = TimeLineRemove 0.4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B0DC474-A5F0-4091-8913-25E9DA2E7F53}" = Asoftech Photo Recovery
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}" = TouchSettings
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EF5C8CA0-1883-11D5-8EE3-00010249AFCB}" = PCStitch 6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AVG Secure Search" = AVG Security Toolbar
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"blekkotb" = Spam Free Search Bar
"BroadCam" = BroadCam Video Streaming Server
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Clickfree Easy Image" = Clickfree Easy Image
"Debut" = Debut Video Capture Software
"DirectPrintUserGuide" = Canon Direct Print User Guide
"Disketch" = Disketch Disc Label Software
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Embird 2010" = Embird 2010
"Embroidery Deduper" = Embroidery Deduper 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"ExpressRip" = Express Rip
"ExpressZip" = Express Zip File Compression Software
"fdrawcmd" = Fdrawcmd.sys 1.0.1.11
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.11" = Freecorder 5
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"Internet Download Manager" = Internet Download Manager
"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 3.2.2.0)
"jZip" = jZip
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NCH_EN Toolbar" = NCH EN Toolbar
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Prism" = Prism Video File Converter
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.3)
"Searchqu Toolbar" = Searchqu Toolbar
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VideoPad" = VideoPad Video Editor
"Vid-Saver" = Vid-Saver
"VLC media player" = VLC media player 2.0.2
"Wajam" = Wajam
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WiseConvert Toolbar" = WiseConvert Toolbar
"WTA-0703e9d5-b791-4fc6-a8f9-03567ce59338" = Cradle of Rome 2
"WTA-0c62981a-266b-4256-b354-86f9a570f904" = Dora's World Adventure
"WTA-141a0448-f09f-4e51-8ae3-eae654700339" = Polar Bowler
"WTA-1ea158e5-10d6-423d-87c3-bd886b8e84a6" = Build-a-lot 4 - Power Source
"WTA-39ceb2e7-88ab-4cbd-a301-f58cce180a17" = Chronicles of Albian
"WTA-4c8f3b2d-db53-4ee0-ac34-cdcc8c1e3f7a" = Plants vs. Zombies - Game of the Year
"WTA-5e165ed7-fd01-4e29-b754-377535a4f543" = Agatha Christie - Death on the Nile
"WTA-6cff426a-3e5f-4bb6-b5f3-8f88b448228c" = Final Drive: Nitro
"WTA-80efdcdf-e96f-4868-9e30-aa3ae0d2ca73" = Jewel Match 3
"WTA-8bb9ab66-785d-4c6f-ae85-5cc8f0803a4a" = Polar Golfer
"WTA-8fea78eb-a528-451e-9d14-1ab0a0a7052f" = Zuma's Revenge
"WTA-a4de1189-d068-4a5a-9472-f57a55c28f21" = Torchlight
"WTA-ab0f8ad9-f564-4196-8a16-f0b128711bf2" = FATE: The Cursed King
"WTA-b684156b-76ce-4bb1-9cde-10dadf02d315" = Bejeweled 2 Deluxe
"WTA-b92f370c-05a1-4119-841a-1918bc069eda" = Penguins!
"WTA-bcfd3b00-e43c-4134-8803-4a8218efe652" = Mystery of Mortlake Mansion
"WTA-bde6d759-a039-4801-8539-70bd2d0770f7" = Governor of Poker 2 Premium Edition
"WTA-d65b235a-f6eb-49c5-8a54-3e9e142e304f" = Chuzzle Deluxe
"WTA-ea14a82e-39ec-4f8b-973e-bab1db12a7d1" = Virtual Villagers 5 - New Believers
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2446362139-3295246480-1608073123-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2012 11:18:38 AM | Computer Name = Evelyn-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SndVol.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7aced Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
process id: 0x1890 Faulting application start time: 0x01cd72546bfcb632 Faulting application
path: C:\Windows\system32\SndVol.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: a9cf5716-de47-11e1-a675-c89cdc6be5c1

Error - 8/5/2012 9:49:56 AM | Computer Name = Evelyn-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/5/2012 12:44:59 PM | Computer Name = Evelyn-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/5/2012 12:45:59 PM | Computer Name = Evelyn-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a
Faulting
process id: 0x90c Faulting application start time: 0x01cd7329c97d1dcb Faulting application
path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 08853193-df1d-11e1-8fa1-c89cdc6be5c1

Error - 8/5/2012 10:21:29 PM | Computer Name = Evelyn-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/5/2012 10:21:31 PM | Computer Name = Evelyn-PC | Source = Application Error | ID = 1000
Description = Faulting application name: egui.exe, version: 5.0.94.0, time stamp:
0x4e7b012d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting process
id: 0xb78 Faulting application start time: 0x01cd737a30484bb0 Faulting application
path: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 6ef0a440-df6d-11e1-a605-c89cdc6be5c1

Error - 8/6/2012 7:32:49 AM | Computer Name = Evelyn-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2012 2:47:39 PM | Computer Name = Evelyn-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2012 5:02:28 PM | Computer Name = Evelyn-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2012 5:06:12 PM | Computer Name = Evelyn-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: be8 Start
Time: 01cd741746d86e72 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ Media Center Events ]
Error - 8/6/2012 10:54:04 PM | Computer Name = Evelyn-PC | Source = MCUpdate | ID = 0
Description = 10:53:57 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 8/7/2012 8:06:56 AM | Computer Name = Evelyn-PC | Source = MCUpdate | ID = 0
Description = 8:06:51 AM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 8/7/2012 9:07:36 AM | Computer Name = Evelyn-PC | Source = MCUpdate | ID = 0
Description = 9:07:31 AM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 8/7/2012 7:06:37 PM | Computer Name = Evelyn-PC | Source = MCUpdate | ID = 0
Description = 7:06:37 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 8/7/2012 10:40:12 PM | Computer Name = Evelyn-PC | Source = MCUpdate | ID = 0
Description = 10:40:08 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 8/8/2012 11:41:34 AM | Computer Name = Evelyn-PC | Source = MCUpdate | ID = 0
Description = 11:41:34 AM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 8/8/2012 10:38:51 PM | Computer Name = Evelyn-PC | Source = MCUpdate | ID = 0
Description = 10:38:48 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 8/9/2012 11:00:00 AM | Computer Name = Evelyn-PC | Source = MCUpdate | ID = 0
Description = 11:00:00 AM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

[ System Events ]
Error - 8/8/2012 1:42:32 PM | Computer Name = Evelyn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/8/2012 1:43:23 PM | Computer Name = Evelyn-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 8/9/2012 6:03:27 PM | Computer Name = Evelyn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/9/2012 6:05:35 PM | Computer Name = Evelyn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/9/2012 6:06:13 PM | Computer Name = Evelyn-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 8/9/2012 6:50:20 PM | Computer Name = Evelyn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/9/2012 6:52:12 PM | Computer Name = Evelyn-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/9/2012 6:52:12 PM | Computer Name = Evelyn-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/9/2012 6:52:37 PM | Computer Name = Evelyn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/9/2012 6:53:26 PM | Computer Name = Evelyn-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >
 
Definitely uninstall cracked Eset.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Do this right AFTER you run following OTL fix.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=41648001&gct=hp"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    [2012/08/02 23:01:44 | 000,002,343 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\searchplugins\askcom.xml
    CHR - homepage: http://www.ask.com/?l=dis&o=41648001cr&gct=hp
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step run the fix from safe mode.

=====================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "http://www.ask.com/?l=dis&o=41648001&gct=hp" removed from browser.startup.homepage
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\mr9zu7ib.default\searchplugins\askcom.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Evelyn
->Temp folder emptied: 161340 bytes
->Temporary Internet Files folder emptied: 34643477 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84761555 bytes
->Google Chrome cache emptied: 57767063 bytes
->Flash cache emptied: 72480 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1411 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33304 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 169.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Evelyn
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Evelyn
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08092012_201654
Files\Folders moved on Reboot...
C:\Users\Evelyn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Evelyn\AppData\Local\Temp\~DF7749F16045DEA3C0.TMP moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTDN4DP0\ping[1].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTDN4DP0\ptj[1].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTDN4DP0\rt[1].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXTKPJZS\ptj[2].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXTKPJZS\xd_arbiter[1].htm moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7CPCD12\conduit_app[1].htm moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7CPCD12\ping[1].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7CPCD12\xd_arbiter[1].htm moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LI124XGW\ads[1].htm moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCW8TEB7\rt[1].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5BH6670\ping[1].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5BH6670\rt[2].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A92OF896\component[1].htm moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A92OF896\pj[1].htm moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A92OF896\ptj[2].js moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A5KGLX1\1343345473817-70784f912c25[1].htm moved successfully.
C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63CBBDBE\al[1].js moved successfully.
PendingFileRenameOperations files...
File C:\Users\Evelyn\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Evelyn\AppData\Local\Temp\~DF7749F16045DEA3C0.TMP not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTDN4DP0\ping[1].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTDN4DP0\ptj[1].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTDN4DP0\rt[1].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXTKPJZS\ptj[2].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXTKPJZS\xd_arbiter[1].htm not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7CPCD12\conduit_app[1].htm not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7CPCD12\ping[1].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7CPCD12\xd_arbiter[1].htm not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LI124XGW\ads[1].htm not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCW8TEB7\rt[1].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5BH6670\ping[1].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5BH6670\rt[2].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A92OF896\component[1].htm not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A92OF896\pj[1].htm not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A92OF896\ptj[2].js not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A5KGLX1\1343345473817-70784f912c25[1].htm not found!
File C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63CBBDBE\al[1].js not found!
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.2
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 30
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 06-08-2012
Ran by Evelyn (administrator) on 09-08-2012 at 20:28:42
Running from "C:\Users\Evelyn\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
What about?
Definitely uninstall cracked Eset.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Do this right AFTER you run following OTL fix.

p4494882.gif
 
I want to run free online scan with eset online scanner but ts said need to insatll,do I need to install it?
 
sorry I thought I need to do all the scanning before downloading anti virus, I did download the microsoft security essential and now is scanning my computer,do I need to do the security check and FSS after the microsoft security essential scan finish?
 
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 30
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 06-08-2012
Ran by Evelyn (administrator) on 09-08-2012 at 21:29:49
Running from "C:\Users\Evelyn\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
by the way I dont know how to disable the microsoft security essential,when I clicked I cannot find the disable button
 
C:\Qoobox\Quarantine\C\Windows\Installer\{abf7a968-8459-95d7-1a3d-43e104b2c55a}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
 
Back