I got myself in a bit of a hole...

Solved
By Classified1
Nov 12, 2012
  1. Hello, greetings to all of you technology enthusiasts, I have an issue with a virus/malware or whatever it is. It masquerades by the title FREEzeFrog, it is located in my c: drive under program files (86x) where it has a folder inside named bin which is empty. I have tried deleting the folder already but it reappeared again. I have no experience at all how to remove it or how to deal with it, as I am only now starting to learn how to code/program. Anyways I had a mishap with malware and viruses a while back but I installed avg and antimalware bites and it got rid of them, except for this little bugger. Anyhow is there a way to remove it without formatting my hard drive? I really do not want to format it, but if it is the only solution do not waste your time on me. Thanks in advance! :)
  2. Broni

    Broni Malware Annihilator Posts: 45,216   +243

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    I have done all of the instructions I was told, and these are the results (btw thank you guys, you are my PC heroes :D)

    Anti malware bytes log

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.13.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tony&Theodore :: TONYTHEODOREPC [administrator]

    11/13/2012 4:08:54 PM
    mbam-log-2012-11-13 (16-08-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 252612
    Time elapsed: 4 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    I did not have any produced logs for gmer or DDS...

    But I am certain that I have the virus, my computer is really slow and it is only 1 year old; especially that it is custom built that it should last longer. I have a reappearing freeze frog file in my program files x86 but nothing is catching it. What else is there to do if this does not prove it?
  4. Broni

    Broni Malware Annihilator Posts: 45,216   +243

  5. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    I do believe I have completed all the steps?

    I have the AVG antivirus 2012

    The Antimalware bytes log is listed above

    gmer did not produce any log

    DDS did not produce any log (is it supposed to?)
  6. Broni

    Broni Malware Annihilator Posts: 45,216   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    TDSSKILLER LOG

    19:45:56.0961 4172 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    19:45:57.0535 4172 ============================================================
    19:45:57.0535 4172 Current date / time: 2012/11/14 19:45:57.0535
    19:45:57.0535 4172 SystemInfo:
    19:45:57.0535 4172
    19:45:57.0535 4172 OS Version: 6.1.7601 ServicePack: 1.0
    19:45:57.0535 4172 Product type: Workstation
    19:45:57.0535 4172 ComputerName: TONYTHEODOREPC
    19:45:57.0535 4172 UserName: Tony&Theodore
    19:45:57.0535 4172 Windows directory: C:\windows
    19:45:57.0535 4172 System windows directory: C:\windows
    19:45:57.0535 4172 Running under WOW64
    19:45:57.0535 4172 Processor architecture: Intel x64
    19:45:57.0535 4172 Number of processors: 4
    19:45:57.0535 4172 Page size: 0x1000
    19:45:57.0535 4172 Boot type: Normal boot
    19:45:57.0535 4172 ============================================================
    19:45:57.0985 4172 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:45:57.0989 4172 ============================================================
    19:45:57.0989 4172 \Device\Harddisk0\DR0:
    19:45:57.0989 4172 MBR partitions:
    19:45:57.0989 4172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    19:45:57.0989 4172 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
    19:45:57.0989 4172 ============================================================
    19:45:58.0012 4172 C: <-> \Device\Harddisk0\DR0\Partition2
    19:45:58.0012 4172 ============================================================
    19:45:58.0012 4172 Initialize success
    19:45:58.0012 4172 ============================================================
    19:45:59.0497 7144 ============================================================
    19:45:59.0498 7144 Scan started
    19:45:59.0498 7144 Mode: Manual;
    19:45:59.0498 7144 ============================================================
    19:46:00.0264 7144 ================ Scan system memory ========================
    19:46:00.0264 7144 System memory - ok
    19:46:00.0267 7144 ================ Scan services =============================
  8. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    CONTINUED

    19:46:15.0220 7144 vds - ok
    19:46:15.0239 7144 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    19:46:15.0240 7144 vga - ok
    19:46:15.0271 7144 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
    19:46:15.0273 7144 VgaSave - ok
    19:46:15.0299 7144 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    19:46:15.0303 7144 vhdmp - ok
    19:46:15.0326 7144 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
    19:46:15.0330 7144 viaide - ok
    19:46:15.0352 7144 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
    19:46:15.0353 7144 volmgr - ok
    19:46:15.0405 7144 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    19:46:15.0408 7144 volmgrx - ok
    19:46:15.0433 7144 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
    19:46:15.0438 7144 volsnap - ok
    19:46:15.0488 7144 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
    19:46:15.0491 7144 vsmraid - ok
    19:46:15.0533 7144 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
    19:46:15.0542 7144 VSS - ok
    19:46:15.0693 7144 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    19:46:15.0700 7144 vToolbarUpdater13.2.0 - ok
    19:46:15.0721 7144 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\System32\drivers\vwifibus.sys
    19:46:15.0722 7144 vwifibus - ok
    19:46:15.0746 7144 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
    19:46:15.0749 7144 W32Time - ok
    19:46:15.0776 7144 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
    19:46:15.0777 7144 WacomPen - ok
    19:46:15.0817 7144 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    19:46:15.0819 7144 WANARP - ok
    19:46:15.0828 7144 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    19:46:15.0829 7144 Wanarpv6 - ok
    19:46:15.0902 7144 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    19:46:15.0914 7144 WatAdminSvc - ok
    19:46:15.0953 7144 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
    19:46:15.0961 7144 wbengine - ok
    19:46:15.0987 7144 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    19:46:15.0989 7144 WbioSrvc - ok
    19:46:16.0022 7144 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
    19:46:16.0025 7144 wcncsvc - ok
    19:46:16.0038 7144 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    19:46:16.0040 7144 WcsPlugInService - ok
    19:46:16.0061 7144 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
    19:46:16.0063 7144 Wd - ok
    19:46:16.0110 7144 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    19:46:16.0114 7144 Wdf01000 - ok
    19:46:16.0141 7144 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
    19:46:16.0143 7144 WdiServiceHost - ok
    19:46:16.0148 7144 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
    19:46:16.0150 7144 WdiSystemHost - ok
    19:46:16.0180 7144 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
    19:46:16.0183 7144 WebClient - ok
    19:46:16.0204 7144 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
    19:46:16.0207 7144 Wecsvc - ok
    19:46:16.0218 7144 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
    19:46:16.0220 7144 wercplsupport - ok
    19:46:16.0239 7144 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
    19:46:16.0241 7144 WerSvc - ok
    19:46:16.0261 7144 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    19:46:16.0262 7144 WfpLwf - ok
    19:46:16.0283 7144 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
    19:46:16.0285 7144 WimFltr - ok
    19:46:16.0299 7144 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
    19:46:16.0300 7144 WIMMount - ok
    19:46:16.0319 7144 WinDefend - ok
    19:46:16.0333 7144 WinHttpAutoProxySvc - ok
    19:46:16.0356 7144 [ 66C365B542195C1F6E2FF4A7D8F3827C ] WinI2C-DDC C:\windows\system32\drivers\DDCDrv.sys
    19:46:16.0356 7144 WinI2C-DDC - ok
    19:46:16.0406 7144 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    19:46:16.0408 7144 Winmgmt - ok
    19:46:16.0451 7144 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
    19:46:16.0462 7144 WinRM - ok
    19:46:16.0533 7144 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
    19:46:16.0534 7144 WinUsb - ok
    19:46:16.0579 7144 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
    19:46:16.0584 7144 Wlansvc - ok
    19:46:16.0645 7144 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    19:46:16.0646 7144 wlcrasvc - ok
    19:46:16.0728 7144 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:46:16.0749 7144 wlidsvc - ok
    19:46:16.0782 7144 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
    19:46:16.0783 7144 WmiAcpi - ok
    19:46:16.0813 7144 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    19:46:16.0815 7144 wmiApSrv - ok
    19:46:16.0822 7144 WMPNetworkSvc - ok
    19:46:16.0844 7144 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    19:46:16.0846 7144 WPCSvc - ok
    19:46:16.0871 7144 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    19:46:16.0873 7144 WPDBusEnum - ok
    19:46:16.0897 7144 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    19:46:16.0898 7144 ws2ifsl - ok
    19:46:16.0913 7144 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
    19:46:16.0916 7144 wscsvc - ok
    19:46:16.0921 7144 WSearch - ok
    19:46:16.0950 7144 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
    19:46:16.0952 7144 wsvd - ok
    19:46:17.0016 7144 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
    19:46:17.0031 7144 wuauserv - ok
    19:46:17.0069 7144 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    19:46:17.0070 7144 WudfPf - ok
    19:46:17.0118 7144 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    19:46:17.0121 7144 WUDFRd - ok
    19:46:17.0143 7144 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    19:46:17.0145 7144 wudfsvc - ok
    19:46:17.0178 7144 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    19:46:17.0181 7144 WwanSvc - ok
    19:46:17.0236 7144 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
    19:46:17.0238 7144 xusb21 - ok
    19:46:17.0264 7144 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
    19:46:17.0269 7144 yukonw7 - ok
    19:46:17.0299 7144 ================ Scan global ===============================
    19:46:17.0317 7144 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    19:46:17.0357 7144 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    19:46:17.0368 7144 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    19:46:17.0396 7144 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    19:46:17.0408 7144 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    19:46:17.0412 7144 [Global] - ok
    19:46:17.0415 7144 ================ Scan MBR ==================================
    19:46:17.0426 7144 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    19:46:17.0572 7144 \Device\Harddisk0\DR0 - ok
    19:46:17.0575 7144 ================ Scan VBR ==================================
    19:46:17.0579 7144 [ 536F61D106B6EA7B5CE2125584DA2878 ] \Device\Harddisk0\DR0\Partition1
    19:46:17.0580 7144 \Device\Harddisk0\DR0\Partition1 - ok
    19:46:17.0591 7144 [ BE109F4851C00386620E3FFC9FF2C4A9 ] \Device\Harddisk0\DR0\Partition2
    19:46:17.0592 7144 \Device\Harddisk0\DR0\Partition2 - ok
    19:46:17.0595 7144 ============================================================
    19:46:17.0595 7144 Scan finished
    19:46:17.0595 7144 ============================================================
    19:46:17.0605 2112 Detected object count: 0
    19:46:17.0605 2112 Actual detected object count: 0
  9. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    ROGUE KILLER LOG

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Tony&Theodore [Admin rights]
    Mode : Remove -- Date : 11/14/2012 19:52:19

    ¤¤¤ Bad processes : 12 ¤¤¤
    [SUSP PATH] astropulse_6.01_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe -> KILLED [TermProc]
    [SUSP PATH] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]
    [SUSP PATH] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]
    [SUSP PATH] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]
    [RESIDUE] astropulse_6.01_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe -> KILLED [TermProc]
    [RESIDUE] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]
    [RESIDUE] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]
    [RESIDUE] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]
    [RESIDUE] astropulse_6.01_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe -> KILLED [TermProc]
    [RESIDUE] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]
    [RESIDUE] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]
    [RESIDUE] setiathome_6.03_windows_intelx86.exe -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
    --- User ---
    [MBR] bba162d7cca2a2163f510207e11cfa2d
    [BSP] 461fbea4cadd00c28b744022f5bdbf89 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 928093 Mo
    2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1900941312 | Size: 25675 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11142012_02d1952.txt >>
    RKreport[1]_S_11142012_02d1951.txt ; RKreport[2]_D_11142012_02d1952.txt


    ASWMBR LOG

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-14 19:54:57
    -----------------------------
    19:54:57.521 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:54:57.521 Number of processors: 4 586 0x2502
    19:54:57.523 ComputerName: TONYTHEODOREPC UserName: Tony&Theodore
    19:54:59.904 Initialize success
    19:55:41.792 AVAST engine defs: 12111401
    19:55:44.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:55:44.957 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
    19:55:44.969 Disk 0 MBR read successfully
    19:55:44.971 Disk 0 MBR scan
    19:55:44.975 Disk 0 Windows 7 default MBR code
    19:55:44.979 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    19:55:44.992 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 928093 MB offset 206848
    19:55:45.030 Disk 0 Partition 3 00 12 Compaq diag NTFS 25675 MB offset 1900941312
    19:55:45.073 Disk 0 scanning C:\windows\system32\drivers
    19:55:56.923 Service scanning
    19:56:20.334 Modules scanning
    19:56:20.342 Disk 0 trace - called modules:
    19:56:20.385 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    19:56:20.391 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079ad5d0]
    19:56:20.396 3 CLASSPNP.SYS[fffff8800192d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077d2050]
    19:56:22.620 AVAST engine scan C:\windows
    19:56:25.836 AVAST engine scan C:\windows\system32
    19:59:53.226 AVAST engine scan C:\windows\system32\drivers
    20:00:07.034 AVAST engine scan C:\Users\Tony&Theodore
    20:09:33.512 AVAST engine scan C:\ProgramData
    20:21:57.198 Scan finished successfully
    20:28:19.296 Disk 0 MBR has been saved successfully to "C:\Users\Tony&Theodore\Desktop\MBR.dat"
    20:28:19.300 The log file has been saved successfully to "C:\Users\Tony&Theodore\Desktop\aswMBR.txt"
  10. Broni

    Broni Malware Annihilator Posts: 45,216   +243

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =========================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  11. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    I noticed scrolling through one of the logs that one of the issues is seti at home. I suppose it is an issue, but I downloaded it willingly to contribute to science. I will follow your instructions tomorrow since I have no time now, but just as a side note, I do not believe seti is a virus, but an application that uses memory. If I uninstall it and rerun the scans before, will it give you more accurate data, or should I continue on the post above?
  12. Broni

    Broni Malware Annihilator Posts: 45,216   +243

    If it comes from a legit source you can reinstall it when we're done.
    For now go ahead with Combofix.
  13. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    I just ran combofix. I did have a few issues, but they were fixed with the help of your extra help.
    Here is the log below.

    ComboFix 12-11-15.01 - Tony&Theodore 11/15/2012 15:24:27.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5934 [GMT -5:00]
    Running from: c:\users\Tony&Theodore\Downloads\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\FREEzeFrog
    c:\program files (x86)\Shop to Win
    c:\program files (x86)\Shop to Win\InstallNotifier.exe
    c:\program files (x86)\Shop to Win\STWSetup-FF.exe
    c:\program files (x86)\Shop to Win\unins000.dat
    c:\program files (x86)\Shop to Win\unins000.exe
    c:\program files (x86)\StartNow Toolbar
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
    c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
    c:\program files (x86)\StartNow Toolbar\Resources\update.xml
    c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
    c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files (x86)\StartNow Toolbar\uninstall.dat
    c:\users\Tony&Theodore\AppData\Roaming\6ffb238c.dat
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-15 20:36 . 2012-11-15 20:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-11-15 20:36 . 2012-11-15 20:36 -------- d-----w- c:\users\Tony\AppData\Local\temp
    2012-11-15 20:36 . 2012-11-15 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-14 02:49 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-14 02:49 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-14 02:49 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 02:49 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-14 02:43 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-14 02:43 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-14 02:43 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-14 02:43 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-14 02:43 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-14 02:43 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-14 02:43 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-13 22:16 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-11-13 22:16 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-11-13 02:25 . 2012-11-13 02:25 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-11-13 02:25 . 2012-11-13 02:25 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-11-13 02:25 . 2012-11-13 02:25 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-11 14:34 . 2012-11-11 14:34 -------- d-----w- c:\users\Tony\AppData\Roaming\NVIDIA
    2012-11-06 01:09 . 2012-11-15 20:36 -------- d-----w- c:\programdata\BOINC
    2012-11-06 01:09 . 2012-11-06 01:10 -------- d-----w- c:\program files\BOINC
    2012-11-06 01:08 . 2012-11-06 01:08 -------- d-----w- c:\windows\Downloaded Installations
    2012-11-01 21:06 . 2012-11-08 22:17 -------- d-----w- C:\Foldit
    2012-10-29 22:32 . 2012-10-29 22:32 -------- d-----w- c:\users\Tony\AppData\Local\Logitech
    2012-10-29 18:29 . 2012-10-29 18:29 -------- d-----w- c:\users\Tony&Theodore\AppData\Roaming\.minecraft
    2012-10-23 21:42 . 2012-10-23 21:42 -------- d-----w- c:\windows\system32\drivers\MCLIENTx64\0302000.013
    2012-10-21 22:39 . 2012-10-21 22:39 -------- d-----w- c:\program files (x86)\Eidos Interactive
    2012-10-19 19:51 . 2012-10-19 19:52 -------- d-----w- C:\webGalleryCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-14 23:54 . 2012-07-03 17:32 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-11-14 23:54 . 2012-07-03 17:27 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-11-14 23:53 . 2012-07-03 17:27 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-11-14 02:43 . 2011-03-03 21:19 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-11-13 02:25 . 2011-03-14 00:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-08 19:48 . 2012-09-04 19:05 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-10-09 19:19 . 2012-04-04 18:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 19:19 . 2011-07-05 22:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-30 00:54 . 2012-05-17 21:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 19:19 . 2012-10-09 18:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-09 18:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-08-31 18:19 . 2012-10-09 18:58 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-09 18:58 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-09 18:58 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-09 18:58 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-08-24 18:05 . 2012-10-09 18:57 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 16:57 . 2012-10-09 18:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-08-22 18:12 . 2012-09-11 21:57 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-11 21:57 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-11 21:57 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-25 18:52 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 18:48 . 2012-10-09 18:57 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-08-20 18:48 . 2012-10-09 18:57 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-08-20 18:48 . 2012-10-09 18:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-08-20 18:48 . 2012-10-09 18:57 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 18:48 . 2012-10-09 18:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-08-20 18:48 . 2012-10-09 18:57 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 18:48 . 2012-10-09 18:57 1162240 ----a-w- c:\windows\system32\kernel32.dll
    2012-08-20 18:46 . 2012-10-09 18:57 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 18:38 . 2012-10-09 18:57 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:574096---ha-w-c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573584---ha-w-c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573584---ha-w-c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573584---ha-w-c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573584---ha-w-c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:575120---ha-w-c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573584---ha-w-c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-09 18:573072---ha-w-c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 17:40 . 2012-10-09 18:5714336----a-w-c:\windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38 . 2012-10-09 18:5744032----a-w-c:\windows\apppatch\acwow64.dll
    2012-08-20 17:38 . 2012-10-09 18:5725600----a-w-c:\windows\SysWow64\setup16.exe
    2012-08-20 17:37 . 2012-10-09 18:575120----a-w-c:\windows\SysWow64\wow32.dll
    2012-08-20 17:37 . 2012-10-09 18:57274944----a-w-c:\windows\SysWow64\KernelBase.dll
    2012-08-20 17:32 . 2012-10-09 18:575120---ha-w-c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:574608---ha-w-c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:574096---ha-w-c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:574096---ha-w-c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:574096---ha-w-c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:574096---ha-w-c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573584---ha-w-c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573584---ha-w-c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573584---ha-w-c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573584---ha-w-c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573584---ha-w-c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573584---ha-w-c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:574096---ha-w-c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 15:38 . 2012-10-09 18:577680----a-w-c:\windows\SysWow64\instnm.exe
    2012-08-20 15:38 . 2012-10-09 18:572048----a-w-c:\windows\SysWow64\user.exe
    2012-08-20 15:33 . 2012-10-09 18:576144---ha-w-c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33 . 2012-10-09 18:574608---ha-w-c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33 . 2012-10-09 18:573584---ha-w-c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33 . 2012-10-09 18:573072---ha-w-c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2006-05-03 16:06163328--sha-r-c:\windows\SysWOW64\flvDX.dll
    2007-02-21 17:4731232--sha-r-c:\windows\SysWOW64\msfDX.dll
    2008-03-16 19:30216064--sha-r-c:\windows\SysWOW64\nbDX.dll
    2010-01-07 04:00107520--sha-r-c:\windows\SysWOW64\TAKDSDecoder.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{577bfa34-deb3-d944-c198-e5c5779b962a}"= "c:\program files (x86)\SocialRibbons LP5\Helper.dll" [2012-03-23 378880]
    .
    [HKEY_CLASSES_ROOT\clsid\{577bfa34-deb3-d944-c198-e5c5779b962a}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{BDFCADA9-5F0A-C814-25B7-80F5EA04B780}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CBF3FDCA-6104-1864-D931-D737D2BFC202}]
    2012-03-23 00:031615360----a-w-c:\program files (x86)\SocialRibbons LP5\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
    2011-08-17 17:15734048----a-w-c:\program files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-07-22 23:53787744----a-w-c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll" [2011-08-17 734048]
    .
    [HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-15 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
    "ModeSwitch"="c:\program files\Lenovo\Power Dial\LitModeSwitch.exe" [2009-09-27 163840]
    "Healthcare"="c:\program files\Lenovo\HealthCare\HealthCare.exe" [2009-09-28 827392]
    "CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "SetDefaultSCR"="c:\program files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-12-31 102400]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2011-9-3 1106432]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecuteREG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-07-22 131912]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-18 1431888]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
    R3 LitModeCtrl;LitModeCtrl;c:\program files\Lenovo\Power Dial\LitModeCtrl.exe [2009-09-27 81920]
    R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-03 1255736]
    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 aswKbd;aswKbd; [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
    S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 168096]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
    S2 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2009-10-12 96752]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-11-14 8704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 LenovoCOMSvc;LenovoCOMService;c:\program files\Lenovo\Power Dial\LenovoCOMSvc.exe [2009-09-30 49152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]
    S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 143928]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
    S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2008-04-08 20832]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-26 219136]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:19]
    .
    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 19:40]
    .
    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 19:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2012-05-15 5860016]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2012-05-15 70832]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=5eafa46f0000000000004437e60934b1
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
    FF - ProfilePath - c:\users\Tony&Theodore\AppData\Roaming\Mozilla\Firefox\Profiles\8jxpji4t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=5eafa46f0000000000004437e60934b1
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bf8531c97-2c9a-48e6-9a15-17e089bb46a9%7D&mid=72bd06e3a03947d08284957ea0eddd42-72122de935197c1896e899a68f6ec7b0bb767cf6&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-05-17%2017%3A00%3A48&sap=ku&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 5eafa46f0000000000004437e60934b1
    FF - user.js: extensions.BabylonToolbar_i.hardId - 5eafa46f0000000000004437e60934b1
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:17
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Toolbar-!{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
    Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
    Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-AVG Secure Search - c:\program files (x86)\AVG Secure Search\UNINSTALL.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    AddRemove-{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
    AddRemove-CPMP-Tools - c:\windows\system32\javaws.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
    "ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\S-1-5-21-3718762900-4173039834-1257701688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3718762900-4173039834-1257701688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-15 15:43:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-15 20:43
    .
    Pre-Run: 590,845,120,512 bytes free
    Post-Run: 591,516,917,760 bytes free
    .
    - - End Of File - - CE50A2A8A82CAF0F0A7C404B0B7CEC89
     
  14. Broni

    Broni Malware Annihilator Posts: 45,216   +243

    Looks good :)

    Any current issues?

    ========================

    Uninstall McAfee Security Scan Plus, typical foistware.

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    Here is the OTL.txt

    OTL logfile created on: 11/15/2012 8:37:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tony&Theodore\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 80.38% Memory free
    15.85 Gb Paging File | 13.24 Gb Available in Paging File | 83.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 906.34 Gb Total Space | 548.88 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
    Drive D: | 537.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: TONYTHEODOREPC | User Name: Tony&Theodore | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/15 20:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony&Theodore\Desktop\OTL.exe
    PRC - [2012/11/08 14:48:19 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/24 18:18:08 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    PRC - [2012/10/10 21:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccsvchst.exe
    PRC - [2012/08/28 17:14:58 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/07/03 12:32:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/05/15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/09/03 18:29:36 | 001,106,432 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    PRC - [2011/08/08 12:12:44 | 000,039,080 | ---- | M] (RPA Technology) -- C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    PRC - [2011/06/15 01:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    PRC - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    PRC - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/10/12 14:47:24 | 000,096,752 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
    PRC - [2009/09/30 13:19:30 | 000,049,152 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
    PRC - [2009/09/30 07:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 07:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/28 13:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\HealthCare\HealthCare.exe
    PRC - [2009/07/16 11:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe
    PRC - [2009/06/03 22:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/14 18:19:41 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
    MOD - [2012/11/14 18:17:00 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll
    MOD - [2012/11/14 15:14:34 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
    MOD - [2012/11/14 15:14:25 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/14 15:14:02 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
    MOD - [2012/11/14 15:13:54 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
    MOD - [2012/11/14 15:13:41 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
    MOD - [2012/11/14 15:13:35 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
    MOD - [2012/11/14 15:13:28 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
    MOD - [2012/11/14 15:13:27 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/14 15:13:08 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2012/10/24 18:18:06 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/10/24 18:18:04 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/10/24 18:18:02 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/10/24 18:18:00 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/10/24 18:17:58 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/09/03 18:29:36 | 001,106,432 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    MOD - [2011/06/14 14:19:58 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll
    MOD - [2009/09/09 11:25:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\HealthCare\en-us\en-us.dll
    MOD - [2009/07/16 11:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
    MOD - [2009/06/03 22:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    MOD - [2009/06/03 22:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    MOD - [2008/09/27 10:39:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\HealthCare\HOOK.dll
    MOD - [2007/12/31 12:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/09/18 14:20:48 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/09/30 13:19:30 | 000,049,152 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe -- (LenovoCOMSvc)
    SRV:64bit: - [2009/09/27 13:37:20 | 000,081,920 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe -- (LitModeCtrl)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/14 08:44:28 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/11/08 14:48:19 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/24 18:18:08 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/10 21:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe -- (MCLIENT)
    SRV - [2012/10/09 14:19:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/08 14:26:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/22 09:38:57 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
    SRV - [2012/07/03 12:32:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/06/15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/10/12 14:47:24 | 000,096,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01)
    SRV - [2009/09/30 07:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/09/30 07:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/11/08 14:48:19 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/03 20:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccsetx64.sys -- (ccSet_MCLIENT)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/06 18:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/25 18:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/09/23 04:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
    DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/25 21:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/06/10 15:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 03:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/08/06 14:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
    DRV:64bit: - [2008/07/26 14:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2008/07/26 14:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
    DRV:64bit: - [2008/07/26 14:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
    DRV:64bit: - [2008/04/08 07:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/03/02 13:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=10...HP_ss&mntrId=5eafa46f0000000000004437e60934b1
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\URLSearchHook: {577bfa34-deb3-d944-c198-e5c5779b962a} - C:\Program Files (x86)\SocialRibbons LP5\Helper.dll ()
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=5eafa46f0000000000004437e60934b1
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\SearchScopes\{439163E2-D3AF-4AE4-B485-BEA1F08C14ED}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=3185101A-6001-4564-AD7A-FA2BED89C542
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...7b0bb767cf6&lang=en&ds=AVG&pr=fr&d=2012-05-17 17:00:48&v=12.2.5.32&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\SearchScopes\{CC63C12E-BE8D-44BD-9921-9D5C36F6CBA2}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=10...HP_ss&mntrId=5eafa46f0000000000004437e60934b1"
    FF - prefs.js..extensions.enabledAddons: crossriderapp2258@crossrider.com:0.83.80
    FF - prefs.js..extensions.enabledAddons: myhomepage_manishjain9@gmail.com:1.2
    FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.8
    FF - prefs.js..extensions.enabledAddons: {3fe6b000-fd7d-a4e4-edda-ef3dc5c7f32c}:1.300.428
    FF - prefs.js..extensions.enabledAddons: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.36
    FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
    FF - prefs.js..extensions.enabledAddons: wecarereminder@bryan:4.0.13.14
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=...lang=en&pr=fr&d=2012-05-17 17:00:48&sap=ku&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tony&Theodore\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/29 14:31:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 14:26:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/04/18 16:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\Extensions
    [2012/09/05 18:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\Firefox\Profiles\8jxpji4t.default\extensions
    [2012/09/05 18:49:23 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\Firefox\Profiles\8jxpji4t.default\extensions\crossriderapp2258@crossrider.com
    [2012/09/05 18:49:23 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\Firefox\Profiles\8jxpji4t.default\extensions\wecarereminder@bryan
    [2012/03/05 15:02:45 | 000,013,802 | ---- | M] () (No name found) -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\firefox\profiles\8jxpji4t.default\extensions\myhomepage_manishjain9@gmail.com.xpi
    [2012/09/05 18:49:23 | 000,084,654 | ---- | M] () (No name found) -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\firefox\profiles\8jxpji4t.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
    [2012/09/05 17:52:59 | 000,553,603 | ---- | M] () (No name found) -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\firefox\profiles\8jxpji4t.default\extensions\{3fe6b000-fd7d-a4e4-edda-ef3dc5c7f32c}.xpi
    [2012/09/05 18:49:23 | 000,222,566 | ---- | M] () (No name found) -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\firefox\profiles\8jxpji4t.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
    [2012/09/05 18:49:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\firefox\profiles\8jxpji4t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\firefox\profiles\8jxpji4t.default\searchplugins\askcom.xml
    [2012/09/10 19:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/10 19:24:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
    [2012/09/08 14:26:34 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/08 14:48:20 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/04/15 12:17:40 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/09/08 14:26:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/08 14:26:32 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage:
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Tony&Theodore\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: SiteAdvisor = C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
    CHR - Extension: AdBlock = C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
    CHR - Extension: We-Care Reminder = C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\
    CHR - Extension: Gmail = C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Space Planet = C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.1_0\
  16. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    Continued

    O1 HOSTS File: ([2012/11/15 15:38:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (SocialRibbons LP5) - {CBF3FDCA-6104-1864-D931-D737D2BFC202} - C:\Program Files (x86)\SocialRibbons LP5\Toolbar.dll ()
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4:64bit: - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
    O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{962325E9-F704-4D24-A1F1-98501D95B43A}: DhcpNameServer = 192.168.1.1 71.242.0.12
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/09/18 14:07:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2012/05/30 14:52:56 | 000,000,094 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/10/06 09:08:02 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
    O32 - AutoRun File - [2002/09/20 17:20:04 | 000,053,248 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2002/09/20 17:20:06 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/15 20:36:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tony&Theodore\Desktop\OTL.exe
    [2012/11/15 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Roaming\AVG2013
    [2012/11/15 16:58:40 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Roaming\TuneUp Software
    [2012/11/15 16:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/11/15 16:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/11/15 16:55:54 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\MFAData
    [2012/11/15 16:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/11/15 16:55:54 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\Avg2013
    [2012/11/15 15:43:35 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/11/15 15:38:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/15 15:21:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/11/15 15:21:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/11/15 15:21:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/11/15 15:21:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/15 15:20:20 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/11/15 15:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/11/15 15:13:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/11/15 15:12:44 | 011,492,288 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Tony&Theodore\Desktop\AppRemover.exe
    [2012/11/15 14:58:32 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{B154F1A1-A626-4451-951C-B062582BF503}
    [2012/11/14 19:54:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Tony&Theodore\Desktop\aswMBR.exe
    [2012/11/14 19:49:48 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\Desktop\RK_Quarantine
    [2012/11/14 19:45:51 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\Desktop\tdsskiller
    [2012/11/14 15:13:30 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{A23F856F-F4F6-4483-8C6D-5D8674227E22}
    [2012/11/13 16:05:27 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Tony&Theodore\Desktop\dds.com
    [2012/11/13 15:18:28 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{D1FFC2FD-9BBD-4737-8679-D1B65C7001F4}
    [2012/11/12 21:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/11/12 18:20:52 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{0E438D92-7535-4DA7-9E66-6B23C0EFBB40}
    [2012/11/11 12:57:44 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{4F5B45C4-CD3B-4F62-9783-04CC14E7CE7A}
    [2012/11/10 17:15:47 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\Desktop\PokeMMO-Client
    [2012/11/10 11:07:18 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{2228DF0A-8F31-437C-A7CD-A588F1A8238D}
    [2012/11/09 15:13:14 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{02B44A64-28E0-407B-85BB-D6A1A2A4EE65}
    [2012/11/08 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{670CACFB-27FB-4F4F-8CB8-FB1FE9282150}
    [2012/11/07 14:54:49 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{3F7FE5D1-C890-4E6C-87DB-A7A4F54859A8}
    [2012/11/06 11:13:19 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{5312017D-7C99-4540-905A-7BE00151D5C2}
    [2012/11/05 20:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
    [2012/11/05 20:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BOINC
    [2012/11/05 20:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\BOINC
    [2012/11/05 20:08:28 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
    [2012/11/05 14:57:56 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{46A50010-0179-480D-B64A-350458D69D02}
    [2012/11/04 08:58:12 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{FB20549F-819B-4480-8241-A2B3B06279A3}
    [2012/11/03 09:33:07 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{00C2B26A-31F0-4F51-B223-27826945098F}
    [2012/11/02 14:13:26 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{17DB9820-D8AA-40E6-A944-8D8348A821C7}
    [2012/11/01 16:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
    [2012/11/01 16:06:19 | 000,000,000 | ---D | C] -- C:\Foldit
    [2012/11/01 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{8D8570E7-7818-4990-BD1A-F905641FCC8E}
    [2012/10/31 13:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{3AA02ECB-16FD-4E35-912D-3DCDFE938142}
    [2012/10/30 12:45:40 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{6960295E-3251-4CD8-88D0-951F12C6336E}
    [2012/10/29 13:29:03 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Roaming\.minecraft
    [2012/10/29 09:07:27 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{287F85C0-53BF-4DAA-9B1E-D53F030DA175}
    [2012/10/28 14:44:25 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{2C043AA3-1D6F-4962-AE0D-AF403CCCC771}
    [2012/10/27 08:57:28 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{AA9B76B7-FB93-4123-A852-C6BAC7429F3A}
    [2012/10/26 15:15:37 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\Desktop\Backups of FINAL PROJECT
    [2012/10/26 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{44825EB0-1DB2-4772-A28B-457C63881A9B}
    [2012/10/25 14:16:49 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{6A6E8E29-6C2A-4B92-B0F6-81090C0FF6E0}
    [2012/10/24 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{7B94FCCA-713B-4B37-87AC-AAFB524CA4FC}
    [2012/10/23 13:47:08 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{368E4309-4DF4-4741-8CE3-58FFDC481565}
    [2012/10/22 13:58:25 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{C674B742-BB4D-4D2A-8DBD-69D9D51399AA}
    [2012/10/22 13:02:44 | 000,154,464 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\windows\SysNative\drivers\avgidsdrivera.sys
    [2012/10/21 17:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
    [2012/10/21 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos Interactive
    [2012/10/21 16:24:09 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\Desktop\Backups of project 3
    [2012/10/21 15:54:14 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{40BD84EF-3931-44D0-B8DD-A8CBE8F6B4F1}
    [2012/10/19 14:51:16 | 000,000,000 | ---D | C] -- C:\webGalleryCache
    [2012/10/19 14:12:15 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{67E7039B-75F1-484E-B7D3-25839F042D52}
    [2012/10/18 13:53:38 | 000,000,000 | ---D | C] -- C:\Users\Tony&Theodore\AppData\Local\{3A889E57-2366-4B23-9119-F9CCD42A9221}
    [2010/09/16 13:28:02 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
    [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/15 20:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony&Theodore\Desktop\OTL.exe
    [2012/11/15 20:32:49 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/15 20:32:49 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/11/15 20:32:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/11/15 16:58:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/15 16:03:29 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/15 16:03:29 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/15 16:01:51 | 000,796,170 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/11/15 16:01:51 | 000,672,662 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/11/15 16:01:51 | 000,125,394 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/11/15 15:55:58 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/15 15:55:53 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
    [2012/11/15 15:55:38 | 2089,697,279 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/15 15:38:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/11/15 15:12:49 | 000,000,009 | ---- | M] () -- C:\END
    [2012/11/14 20:28:19 | 000,000,512 | ---- | M] () -- C:\Users\Tony&Theodore\Desktop\MBR.dat
    [2012/11/14 19:54:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Tony&Theodore\Desktop\aswMBR.exe
    [2012/11/14 19:45:24 | 002,195,061 | ---- | M] () -- C:\Users\Tony&Theodore\Desktop\tdsskiller.zip
    [2012/11/14 18:54:03 | 000,283,032 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
    [2012/11/14 18:54:03 | 000,283,032 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
    [2012/11/14 18:53:34 | 000,298,016 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
    [2012/11/14 17:08:24 | 000,436,301 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/11/14 15:12:43 | 000,000,003 | ---- | M] () -- C:\windows\SysNative\HRUPPROG.DIE.NOW
    [2012/11/14 15:11:45 | 000,504,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/11/13 16:08:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/13 16:05:29 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Tony&Theodore\Desktop\dds.com
    [2012/11/13 15:55:56 | 000,302,592 | ---- | M] () -- C:\Users\Tony&Theodore\Desktop\2b5znx75.exe
    [2012/11/09 15:54:16 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/11/08 14:48:19 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
    [2012/11/07 17:22:32 | 000,000,856 | ---- | M] () -- C:\Users\Tony&Theodore\.recently-used.xbel
    [2012/11/06 02:11:36 | 011,492,288 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Tony&Theodore\Desktop\AppRemover.exe
    [2012/11/05 20:10:31 | 000,000,632 | RHS- | M] () -- C:\Users\Tony&Theodore\ntuser.pol
    [2012/11/01 16:06:27 | 000,001,408 | ---- | M] () -- C:\Users\Public\Desktop\Foldit.lnk
    [2012/10/31 15:52:36 | 012,219,121 | ---- | M] () -- C:\Users\Tony&Theodore\Desktop\FINAL PROJECT.a2w
    [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\windows\SysNative\drivers\avgidsdrivera.sys
    [2012/10/21 17:46:06 | 000,001,238 | ---- | M] () -- C:\Users\Tony&Theodore\Desktop\Play Hitman 2.lnk
    [2012/10/21 17:28:05 | 024,200,935 | ---- | M] () -- C:\Users\Tony&Theodore\Desktop\project 3.a2w
    [2012/10/19 06:55:46 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\MCLIENTx64\0302000.013\isolate.ini
    [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/15 16:58:40 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/15 15:21:34 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/11/15 15:21:34 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/11/15 15:21:34 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/11/15 15:21:34 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/11/15 15:21:34 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/11/15 15:12:49 | 000,000,009 | ---- | C] () -- C:\END
    [2012/11/14 20:28:19 | 000,000,512 | ---- | C] () -- C:\Users\Tony&Theodore\Desktop\MBR.dat
    [2012/11/14 19:45:13 | 002,195,061 | ---- | C] () -- C:\Users\Tony&Theodore\Desktop\tdsskiller.zip
    [2012/11/14 15:12:43 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\HRUPPROG.DIE.NOW
    [2012/11/13 21:49:38 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/13 21:43:19 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/13 15:55:54 | 000,302,592 | ---- | C] () -- C:\Users\Tony&Theodore\Desktop\2b5znx75.exe
    [2012/11/07 17:22:32 | 000,000,856 | ---- | C] () -- C:\Users\Tony&Theodore\.recently-used.xbel
    [2012/11/01 16:06:27 | 000,001,408 | ---- | C] () -- C:\Users\Public\Desktop\Foldit.lnk
    [2012/10/26 14:58:46 | 012,219,121 | ---- | C] () -- C:\Users\Tony&Theodore\Desktop\FINAL PROJECT.a2w
    [2012/10/21 17:46:06 | 000,001,238 | ---- | C] () -- C:\Users\Tony&Theodore\Desktop\Play Hitman 2.lnk
    [2012/10/21 16:11:45 | 024,200,935 | ---- | C] () -- C:\Users\Tony&Theodore\Desktop\project 3.a2w
    [2012/07/03 12:27:47 | 000,283,032 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
    [2012/07/03 12:27:45 | 003,130,440 | ---- | C] () -- C:\windows\SysWow64\pbsvc_blr.exe
    [2012/07/03 12:27:45 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
    [2012/05/15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
    [2011/12/23 00:22:16 | 000,002,839 | ---- | C] () -- C:\Users\Tony&Theodore\invasion-installer-v2.bat
    [2011/11/24 13:04:35 | 000,019,183 | ---- | C] () -- C:\windows\War3Unin.dat
    [2011/10/17 17:50:21 | 000,000,632 | RHS- | C] () -- C:\Users\Tony&Theodore\ntuser.pol
    [2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
    [2011/09/18 14:21:12 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/09/09 21:01:13 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
    [2011/09/09 20:57:26 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
    [2011/08/08 15:13:41 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2011/07/06 09:41:44 | 000,789,894 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/03/15 14:34:03 | 000,000,017 | ---- | C] () -- C:\Users\Tony&Theodore\AppData\Local\resmon.resmoncfg
    [2011/03/03 16:10:07 | 000,000,622 | ---- | C] () -- C:\windows\eReg.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/11/02 17:11:58 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Autodesk
    [2012/06/19 18:01:02 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\AVG2012
    [2011/10/18 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\com.w3i.intune
    [2011/10/18 16:30:36 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Fighters
    [2011/08/11 16:08:11 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\My Battle for Middle-earth Files
    [2011/12/12 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\uTorrent
    [2012/10/29 13:29:22 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\.minecraft
    [2011/09/18 19:15:09 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Autodesk
    [2012/11/15 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\AVG2013
    [2012/08/31 11:26:59 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Awesomium
    [2012/04/15 12:17:36 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Babylon
    [2012/05/02 18:25:28 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Blender Foundation
    [2012/03/22 19:03:19 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\com.w3i.fliptoast
    [2012/11/07 17:22:32 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\gtk-2.0
    [2011/07/07 15:05:59 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Hi-Rez Studios
    [2012/09/26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\LolClient
    [2011/08/12 11:22:56 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\My Battle for Middle-earth Files
    [2012/01/14 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\NationRed
    [2012/03/22 16:46:40 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\ooVoo Details
    [2011/08/22 09:58:24 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\SanDisk
    [2011/10/30 07:46:05 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Spotify
    [2012/05/12 21:29:02 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Synthesia
    [2011/06/26 03:58:26 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\System
    [2012/11/12 21:25:22 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\SystemRequirementsLab
    [2011/07/29 22:24:37 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Systweak
    [2012/11/15 16:58:40 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\TuneUp Software
    [2011/11/01 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Unity
    [2011/06/23 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\VBA-M
    [2011/11/07 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Windows Live Writer
    [2011/09/10 22:18:38 | 000,000,000 | -HSD | M] -- C:\Users\Tony&Theodore\AppData\Roaming\wyUpdate AU
    [2011/09/10 10:32:32 | 000,000,000 | ---D | M] -- C:\Users\Tony&Theodore\AppData\Roaming\Xilisoft Corporation

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011/09/18 19:36:49 | 005,393,792 | ---- | M] ()(C:\Users\Tony&Theodore\Documents\?a?a?t??d?? - St? t?ap??? p?? ta p???.flv) -- C:\Users\Tony&Theodore\Documents\Καζαντζίδης - Στο τραπέζι που τα πίνω.flv
    [2011/09/18 19:35:14 | 005,393,792 | ---- | C] ()(C:\Users\Tony&Theodore\Documents\?a?a?t??d?? - St? t?ap??? p?? ta p???.flv) -- C:\Users\Tony&Theodore\Documents\Καζαντζίδης - Στο τραπέζι που τα πίνω.flv

    < End of report >
  17. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    Here are the extras (oh dear :eek:)

    OTL Extras logfile created on: 11/15/2012 8:37:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tony&Theodore\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 80.38% Memory free
    15.85 Gb Paging File | 13.24 Gb Available in Paging File | 83.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 906.34 Gb Total Space | 548.88 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
    Drive D: | 537.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: TONYTHEODOREPC | User Name: Tony&Theodore | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3718762900-4173039834-1257701688-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0462751E-D127-404A-B04A-D392980A506D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{06B2DDA2-D7A9-407E-BBB3-AE60E3A577D3}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
    "{0BEDF121-7EE4-4B89-9A24-52E5CBD9A200}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0F603B02-44C9-4022-9151-5C6B64AF49BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1576C64B-885B-4665-AF8B-33B7280C6720}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{18D7EE89-27B5-4AEA-829D-65DA198879C1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{1D684AFC-AF05-4716-85E1-F2F765A87C43}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
    "{233102FA-1FB9-4A01-86FD-97079A88BADF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{3150B717-18B8-43B7-B905-59653D9509AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3DF085B8-E80B-4141-84A6-CCAF74B054B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{43DCDD11-C413-4E30-9224-C48722D8B45A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{485EACC2-F34A-4387-A12E-5D3E8AACD2A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4EF30E70-5BC4-4C0E-BD3B-047EA586675A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{525857A4-3A41-428C-9C09-92550F3A9F62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5280D71F-8693-4BD9-A129-B523547611CE}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
    "{5391D49A-7486-40BB-9FEB-AA949AB66957}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5B5EEB44-3E34-403A-8F31-9E6D377B8BD4}" = lport=139 | protocol=6 | dir=in | app=system |
    "{69D9D7B9-7FC8-4A92-8B9B-38B0A5CE055B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7D26D525-0EB2-4FCF-A5DD-BB5E98030469}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7E0D797A-87B2-4189-BAB8-B8E7C58814D4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{869000C8-F6DB-4FD8-BE07-37A85081A4AA}" = lport=138 | protocol=17 | dir=in | app=system |
    "{87B7E8DE-F6AB-441C-A66F-FEBF0C11B828}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{905D9D8D-40E4-4237-9E59-3F42871DA103}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
    "{90FD8203-A5A1-449D-B8BF-C79F737A9097}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{952AF5AB-A03E-456D-A71B-25176E0D45DE}" = rport=445 | protocol=6 | dir=out | app=system |
    "{99B381A4-9B22-45E0-9CF7-2D6FA5E3A0D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{A0ED275A-6F4C-4FB6-BA18-13783C657CBA}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
    "{A25E5EFD-75CD-4713-9632-E2B71698B6A7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{ACA97322-72E4-4B40-970A-469C514326B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B1C3426E-F48D-47C9-B0CA-7D9DA36A31F7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{BBEE00A1-A3A2-4F43-AB2A-05DE241EB358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{C7878557-C598-4E25-BED4-24CDD2E75866}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{CB06FF42-5288-41A1-B991-4F12BBDFD1E9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CB7A9652-6E59-4A36-88F7-08DB0DC803D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{D0D5C2FD-A6DE-4613-B018-5E9B54F4FFDF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D6840915-33EA-405E-B232-15885843118D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{EB8DBCF5-D75C-4148-8D18-E4B9097E7825}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F80DA41C-BB08-4974-9B9C-D79E2CA235B1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F851EB06-9C35-4EE2-8F55-A3AAD30449C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FA8ECBDE-C978-4B8C-B0D4-1BAA5CD0AF32}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
  18. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    CONTINUED

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00DE7D69-1F47-460E-A955-4CD46B6700F8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{03CC5535-57FB-4F94-9A5A-8A9D4953CA43}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{04EF5C00-083F-47AD-AFD0-2C34C86CA491}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{0679EF37-7E9F-4F79-A8D1-AB454FA0D968}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{06BB8CDC-5CDD-4D05-A33E-6D1950203C1A}" = protocol=17 | dir=in | app=c:\program files (x86)\socialribbons lp5\troubleshooter.exe |
    "{089B8642-D0B8-4561-9759-96F7529A7AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{0934D328-4187-4489-8649-FAED06B9E402}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{09E63837-FFA4-45B6-9AAC-D7AEE6B2FD82}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{0A123234-C90D-48F9-8A2D-C96DDD644728}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{0BB6D3A5-A791-4A56-96FC-1A6BB6BC614C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\nucleardawn.exe |
    "{0BD7733D-0DE8-43D6-9511-2EE0182BD86F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{0D705E45-4BFE-451D-96C9-670037FB37BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\garrysmod\hl2.exe |
    "{0DF92FF7-C6F5-47D1-A5EA-27F242004986}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0FD31281-B1F0-42F5-8FDD-46DC0CF0F0B1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{10C3CA2E-4EB2-4CF9-BA3D-55EC4B2462C2}" = protocol=6 | dir=in | app=c:\users\tony&theodore\appdata\local\google\chrome\application\chrome.exe |
    "{112372F4-DEE1-495D-ABE2-DE5B1BB08CD8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{13053841-7AAC-4397-9D91-B17491C7DA61}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{13AE75A5-01B9-47BD-808D-2727DD1A9496}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{14497FD7-97C5-46AC-B63D-8A769023E428}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{15FF6A43-BB2F-41FC-86BF-343B7075673D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
    "{17BE9CEA-B9E1-4FA2-B6E7-A4160BD4268D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
    "{1EC097FF-5517-4A80-B60A-32AD33DADFA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2093BC92-267F-486C-8889-89031F5F6056}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{227F7529-398F-42F9-A9D9-240CF8AC66ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{231FAA3D-7C5E-4A07-9C60-B442A4FC4532}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
    "{2637A7F4-2F10-404B-857D-94C2D2E6695C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{271DC22A-2999-49A6-95D8-EC47F4D7D8A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{27E06F41-FF08-4AB8-90DE-DBB409F4C475}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2ADC1441-99B7-4562-95D5-5C92880D3BDB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{2C556198-8587-4C64-9C93-45FC9E038CBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\pirates, vikings, and knights ii\hl2.exe |
    "{2F4D2469-4DB9-4B04-B7C0-BB84FCB1541F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
    "{2FB2B06D-D0B9-4BED-B6FF-20CDE1E79DB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
    "{35637951-0B82-4920-8E71-4CE3B93335A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{36CFC838-054F-4D9D-A65C-AB7B94B4F24F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{396E0B68-7314-41AC-886D-00D84F33F071}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{39AFB589-4FF8-4FA8-A744-6477624CDE5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
    "{39E570DB-8BF5-46BE-A535-D293845CFF8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dino d-day\srcds.exe |
    "{3ABBDE45-01F4-4E33-B636-62F2974D2391}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
    "{3B2CC425-86E8-47A7-BCD3-0006BFA7FA93}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{3BD7349F-578D-48D2-9050-0FCE2CEEF285}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{3E769C26-1FBB-437E-84FA-66CE943A6FB4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{3F77CDAD-6468-46FB-AED7-D6D4FFB7FDB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\nucleardawn.exe |
    "{415D8807-14C1-4AF7-9B47-22F6593A1A80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe |
    "{41ED1D1A-0F30-4099-9E58-481B9DCE670A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{449A8DDF-ECAF-4F95-8078-A69C655DCCFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\counter-strike source\hl2.exe |
    "{4644AB0C-09E7-453D-8FB7-9170E90D3702}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe |
    "{47D400C1-D301-4612-B964-E7910CB790BF}" = protocol=6 | dir=in | app=c:\users\tony&theodore\downloads\facemoods.exe |
    "{48423061-2CBF-48A9-B5A3-A442F7883B82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\counter-strike source\hl2.exe |
    "{4CCFCC07-63CA-4E96-9E30-3A231F7B2A61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
    "{4F1B6370-A07A-428C-A0B1-CA13B0BCDE2D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{503B53C1-CA14-4296-A614-A926F73A1255}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{513F6B19-AEFE-44D6-BAA8-855BE8EAEF94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\steamlauncher.exe |
    "{5262F6DB-BD9A-4FF1-B1DD-EB59EFCF0D96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\counter-strike source\hl2.exe |
    "{55B89468-7654-4186-AEC0-F57EA3755863}" = protocol=6 | dir=in | app=c:\program files (x86)\socialribbons lp5\troubleshooter.exe |
    "{56F41549-8D5B-4743-84EA-572F6CEE4FEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
    "{57ED3387-8C56-40F7-AE4E-D62507518133}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{5C309E83-BEA3-4ED2-8EB6-CC5FC2ECE738}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{5EE6A27A-8AC7-456B-B8B6-DBC6BB017A54}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{5F7A3CFE-E43F-4F5B-BA72-D942CAD0A22A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{662D1DDC-E9A3-470B-9AF2-C8F15D8A3B9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\sourcesdk\bin\sdklauncher.exe |
    "{667D6757-D406-437B-92DD-8C0B6D798994}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{6685F3F6-31F4-4271-B095-90D28E809BF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\pirates, vikings, and knights ii\hl2.exe |
    "{66B8BE81-C18E-4F28-A3F9-AD6A5362D983}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{6717E853-D474-4DDF-9E59-75E235F55567}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
    "{68039990-3758-4EE6-9F52-23D2484F39C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{68C824CB-3A67-4461-8A01-67BD9E106CB4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{68CF28C4-6813-4472-8360-162E31D39102}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{6A19F942-1CF6-44C5-AFAB-79BC05B7E08B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
    "{6B5A3C18-9CB7-4C45-9F7F-729E30D26A31}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{6D987EFA-DEA6-4EE4-9C02-05DB91B78792}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
    "{6DAC8E49-2999-43C1-AA7D-C75262334EFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\steamlauncher.exe |
    "{75A46C94-6BE1-410D-B069-3DE88141A54B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\zombie panic! source\hl2.exe |
    "{769289A8-71B6-4EF0-AE16-222197EB833C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{76B1C38C-6B23-42C6-9617-71DA1436C75A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{775A5A4E-5019-4FA7-BE95-D77A02DBA837}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{775E4F92-AB9E-4B72-AA18-353482A617E4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{7912CDCB-12E2-44A8-A5E6-25F213F047D1}" = protocol=17 | dir=in | app=c:\users\tony&theodore\downloads\a_beginners_guide_to_ethical_hacking.rar_downloader_224.exe |
    "{799C25D8-85E0-418A-B475-D77C6D0915C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{7FB5FD59-CFE9-4B67-BD88-9EB23C320590}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\clientlauncherr.exe |
    "{812EECEB-441E-414B-AADF-52DDE7891359}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{831CD3AD-1267-4E7F-AC9A-61C5C0721929}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{85C2BC58-7672-4662-BAEA-6BE720600CD0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{87142237-4B3A-4284-90A6-F4EAC5645305}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{87E68F7A-FD84-4960-9A38-72E8F2E362C6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{8955DD40-9E2A-49DF-948F-B9ED1A2860CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{8EFBAA55-A451-48D1-B27D-EC9EDD9BBEC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe |
    "{8F98713E-11F0-4B14-8E37-877AAF4936BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
    "{8FB08601-FAAB-4B9D-A391-11A34B70B6D2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{91267BA3-5A72-4297-84AE-62A832807536}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{919AC6B9-A905-4950-B98C-682E6FFD6462}" = protocol=17 | dir=in | app=c:\users\tony&theodore\downloads\facemoods.exe |
    "{92BE3D15-5801-4CCE-ABF9-EEC34A59D49E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{9357F458-A3E6-437F-898B-8E15F31C9B47}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{939C625E-A94F-455C-A552-F5E0056324DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
    "{95DCE59C-9192-4F95-A043-E5D1C3E5C7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
    "{999AB497-6B1D-4D4F-A06E-0A58B357D0B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{9BA2CE1E-7676-4D3A-A228-AE4611323010}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
    "{9C14E06E-CFB1-413A-AE7B-D0BBF1901CF2}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{9D9C6BEB-B4B0-49AA-8BFE-2E341001FC95}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{A25A47A6-3B76-4FAC-A0D9-D42E970DD9E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
    "{A43234D9-35F6-43FC-8E81-6BAE6CFFEFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\sourcesdk\bin\sdklauncher.exe |
    "{A55C22EF-5C88-422F-AE84-0CD751F9D3B4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{A5A2A4F4-28B2-4AF2-AA0C-8104E68BE819}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dino d-day\srcds.exe |
    "{A67C4D4F-9576-4F0C-A021-E0A3C18E54B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
    "{A6FBC3B1-619B-44FA-B2A4-88D619B808BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\counter-strike source\hl2.exe |
    "{AA5A6B0F-A559-4477-A443-5BD8AD89D9E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{AABEEFBB-040D-459B-A6FF-6A216E4CF658}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\zombie panic! source\hl2.exe |
    "{AB19B93B-A807-475D-A2A2-9CADA993C76E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AB5BB1EE-FC93-4585-86FF-A1549B176929}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ACA61F05-4DCF-4BB7-A01B-EEB949B53871}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe |
    "{AD79B761-BF28-4746-B2E5-C4E8F1F57691}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
    "{ADF49BBC-14FD-45A2-8EC0-1A2C6F4ADF71}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{B09007F4-3D4F-4440-9081-CB9B5115CD71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
    "{B0CC801B-C58D-4DED-8E25-F0DCD9EC67E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{B0E5741F-1402-4684-A2C3-6E1F4177BD1E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{B16B7351-6A98-4B42-9234-0E7359283C74}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{B717EFA1-B307-4300-B223-9E5180F83368}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B8F19905-66E0-4F1D-AC88-9E7C4785C370}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\clientlauncherr.exe |
    "{B92BA02B-A70C-4905-A9B7-E1590D56A4C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
    "{BC99E975-AE09-4873-90D3-7A5CE5F3A500}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{BD6423C4-A462-4C40-80F9-0AD98B6194AF}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{BDFEE2FD-55F0-4646-9F3C-4A093AE19158}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C04E18ED-7A3B-4FAA-A2B1-6E3CE45294B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
    "{C0CED820-F949-404F-8802-FB65CDB78EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{C0DA4C5B-6354-43B3-B5D8-C1A09511FFA4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{C16DCFF1-FDA7-4C3F-9829-5714B3960408}" = protocol=6 | dir=out | app=system |
    "{C61CAFAD-DC49-4BBC-9F62-C62E98099A78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
    "{CAE54E0B-2EEE-48E8-90BF-51263967ADC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\day of defeat source\hl2.exe |
    "{CBC83EDE-1C63-4526-B568-B0809F6FAB2E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\zombie panic! source\hl2.exe |
    "{CD613B4D-81E8-452E-9882-7226B91E6DA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe |
    "{CD918B9D-7BD0-4E6D-B79F-1247D6DE47AE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{CFE1898C-D428-467D-99B9-6B55D850820B}" = protocol=17 | dir=in | app=c:\users\tony&theodore\appdata\local\google\chrome\application\chrome.exe |
    "{D1BC2504-1B93-4889-B068-562BBE5CA920}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{D24E9E85-85DC-4CFE-8296-A1B9B0F8F747}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe |
    "{D2EE22D1-1481-4B93-92C3-1C1DBFB0640A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
    "{D453AC68-08E8-4931-9517-21E1434FC8FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{D4A37F45-5805-4756-9AAD-F3DC4CF55836}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
    "{D5117936-5F9A-4AD2-98E9-7A6F25AEA659}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{D5429DDA-45FA-449A-93D9-8A1BA63C78D2}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{D563A2FE-226C-49DB-8DB4-7D039784D93E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{D6876D1A-F31D-4B06-B0DF-71E76E8F23E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe |
    "{D6DDED62-EB71-477B-A2BC-78CF10DEBA3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\garrysmod\hl2.exe |
    "{D7595056-EA3D-4B3A-91B2-833F4E94BB1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
    "{DBA22160-20CA-4D7F-9D97-F9235DD00829}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{DC9992FD-065A-4FC0-8550-2EE74885DE6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
    "{DE478D08-B0A0-439F-8371-AB03776A996B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DEC60361-C38D-4041-89B8-5A2B3EA20C85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\zombie panic! source\hl2.exe |
    "{E1767925-19E8-483C-B6A6-8B44ACCDA177}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
    "{E1B27DAE-048A-4AC2-9435-5569436F58FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E2D9ED3E-0A05-4619-93BD-1AC6F5A344A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe |
    "{E371252D-E02D-48DD-9D10-54D56FCB7068}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{E8348486-DB46-4F52-A4AB-E36E368DC3FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{E8E5E6B5-CFCB-477D-882E-612F5486EA99}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{E9C4F436-AD02-4C26-9A41-0B86C44C0915}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{EBD3D65D-0954-406B-BAE3-054F9E21C5C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{ECE899A0-D82F-4A46-8D1E-C946236CF456}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{EE17657A-9071-42E9-A781-18688384B383}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EED24B83-A6CE-4901-B480-818B17403DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe |
    "{F0785686-01C7-49A6-B05B-74C41763C1FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
    "{F0B7AC88-4BA2-4B6A-A6C8-CB2AA2C0E57F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\day of defeat source\hl2.exe |
    "{F0C0B8EC-2F4F-42A3-B98C-194C4656F4FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\garrysmod\hl2.exe |
    "{F3642756-B585-4B19-8A7B-11C48F42FCEA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F5AB1695-5101-4B17-BBD0-F569DC67C916}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe |
    "{F6900941-383D-47D3-A8C9-3E4EF04465F1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{F75ADAC2-9381-4D5A-91D7-F6A05AF1F76D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{F75D0F48-A939-4FD8-9F13-3ED3573754C9}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{FA2FF4A3-D344-46C0-BC12-0EC3FD84C2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
    "{FA920868-ACC6-48D5-B3E0-E85B4EAC1F97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\garrysmod\hl2.exe |
    "{FC82D9D1-5CE7-4002-956F-6650E0B80449}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
    "{FCC7F980-284C-4924-93DC-B8826467F050}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FD72BC57-9F37-4645-A784-91D1A389D9ED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{FDBFA474-DFD7-4D8E-910D-075B1A0E0000}" = protocol=6 | dir=in | app=c:\users\tony&theodore\downloads\a_beginners_guide_to_ethical_hacking.rar_downloader_224.exe |
    "{FDF0D322-C1AA-4F9D-BACF-C13F457E5EFC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{FE02D98D-898E-4475-B1FF-4005FC2C37BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
    "{FF1D6155-713D-4993-B54C-5A2F5A83E608}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{FF59BE36-4036-4CC8-9638-30CF189CF0DE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "TCP Query User{01777649-FFD4-4832-8F2D-E7BA16716494}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "TCP Query User{099A064F-0C0A-453D-B048-86BA32E799E7}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
    "TCP Query User{1ABE62FC-FAE9-4325-996C-472690B17E44}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "TCP Query User{1C831F77-FBF0-4004-A3D6-E1FB6CA27D93}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
    "TCP Query User{1D6516C8-EB67-4B5B-9159-00AB35D42305}C:\users\tony&theodore\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tony&theodore\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{212E7F17-412A-4F43-8F63-542D1A9E5CDE}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
    "TCP Query User{22E603D5-1E83-4253-8F7D-78B5F7407FA2}C:\program files (x86)\ultramixer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
    "TCP Query User{253F8989-9863-4286-B664-F3EA36313441}F:\not school\starcraft\starcraft.exe" = protocol=6 | dir=in | app=f:\not school\starcraft\starcraft.exe |
    "TCP Query User{2D65D062-FB64-4CFF-903E-510A931D3A6F}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "TCP Query User{31BCCA4E-0A22-4509-BAFC-B731055E17C1}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
    "TCP Query User{3810B4EE-24B6-401C-AC3B-ACD67EFAA66A}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
    "TCP Query User{38C71097-3C78-481E-9CF6-DF88351FB85D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "TCP Query User{47558F81-F988-4EDE-BB25-65CEDEBD8C66}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "TCP Query User{4A50FB43-49D1-47A4-81DD-E21019C9D500}C:\users\tony&theodore\downloads\downloader_diablo2_enus.exe" = protocol=6 | dir=in | app=c:\users\tony&theodore\downloads\downloader_diablo2_enus.exe |
    "TCP Query User{4AE39C73-C3E8-4C9E-A2D5-EA1BD83BC42C}C:\program files (x86)\steam\steamapps\z0mb1e105\half-life blue shift\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\half-life blue shift\hl.exe |
    "TCP Query User{4AFD4EC3-B47D-4355-A246-83441D789B25}C:\program files (x86)\steam\steamapps\z0mb1e105\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\source sdk base 2007\hl2.exe |
    "TCP Query User{4ED1A10A-AAE9-4101-BE8D-1E20788CE3F9}C:\program files (x86)\steam\steamapps\z0mb1e105\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\team fortress 2\hl2.exe |
    "TCP Query User{51CB54FF-7E1A-490B-BFA1-21A0C5D54584}C:\users\tony&theodore\desktop\ragdoll games\teenagemutantninjapuppets017b.exe" = protocol=6 | dir=in | app=c:\users\tony&theodore\desktop\ragdoll games\teenagemutantninjapuppets017b.exe |
    "TCP Query User{536E93D4-9541-48B9-ACCA-69EACD67A6B5}C:\program files (x86)\desura\common\erie\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\desura\common\erie\binaries\win32\udk.exe |
    "TCP Query User{587B3D83-74B7-46A6-A5B3-80043E37F1AF}C:\users\tony&theodore\desktop\new folder (6)\teenagemutantninjapuppets017b.exe" = protocol=6 | dir=in | app=c:\users\tony&theodore\desktop\new folder (6)\teenagemutantninjapuppets017b.exe |
    "TCP Query User{5E2C7A1B-A8D7-4D9D-9486-BAB579E8D0B5}C:\program files (x86)\valve\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\half-life\hl.exe |
    "TCP Query User{60D6E178-C0B4-4707-87CA-494E80FEDFC2}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
    "TCP Query User{6849171A-25A2-4CD4-A3AA-5501B747E10D}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
    "TCP Query User{68FB8D29-696C-47B0-8D43-70311F6BCE90}C:\users\tony\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\tony\desktop\utorrent.exe |
    "TCP Query User{6BAFB8B9-6006-42F1-88B0-B6BA97B10737}C:\program files (x86)\steam\steamapps\z0mb1e105\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\source sdk base\hl2.exe |
    "TCP Query User{6F76EA2F-3B72-443A-BFCE-CF6A5B8540A0}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
    "TCP Query User{6FE11DB9-C718-4FBF-9EAA-54927EA3BFB6}C:\program files (x86)\valve\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\half-life\hl.exe |
    "TCP Query User{70AA7121-3269-4A09-A5BC-1AFB6538815A}C:\users\tony&theodore\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\tony&theodore\downloads\downloader_starcraft_combo_enus.exe |
    "TCP Query User{726FDCE9-6402-4DBC-AD7D-045B11D7CD58}C:\program files (x86)\starcraft ii\starcraft ii public test.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
    "TCP Query User{778D55FD-AFD4-4D02-8986-7A1E8542AB74}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
    "TCP Query User{796F0B38-1B13-444C-ABE0-34AC053D27BF}C:\users\tony&theodore\downloads\teenagemutantninjapuppets017b.exe" = protocol=6 | dir=in | app=c:\users\tony&theodore\downloads\teenagemutantninjapuppets017b.exe |
    "TCP Query User{7AE680E7-B1C8-4004-8405-C312916A6CE6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{88E379A7-45E6-4853-80EB-3A61760E454A}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
    "TCP Query User{8B6158E4-20E0-41A5-97AA-9754B5492E52}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{9A6054AD-84DF-4412-A536-53974C722C01}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "TCP Query User{A71B4289-1FD2-4360-BFF6-76B91F85900E}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{A8DC51A1-77A6-4899-8E05-ABE8D3A2B9A3}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "TCP Query User{B951B44F-C20D-4728-90EF-B22A95FDA6E0}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
    "TCP Query User{BB0937E0-B5C3-4020-95A1-B345850EEB35}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
    "TCP Query User{C075F0AF-F20E-475E-AE17-073FE959E711}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
    "TCP Query User{C1133A9F-11FE-4A45-B4E7-97D9FDD129D7}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe |
    "TCP Query User{C797DC0A-9639-42E3-88B9-D6B374004722}C:\program files (x86)\starcraft ii\test\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\test\versions\base19679\sc2.exe |
    "TCP Query User{CA01CC75-5ECF-4D94-B8B8-AA9A85073295}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "TCP Query User{CB2C723F-BF53-4076-86BD-D3378359EF3E}C:\users\tony&theodore\desktop\teenagemutantninjapuppets017b.exe" = protocol=6 | dir=in | app=c:\users\tony&theodore\desktop\teenagemutantninjapuppets017b.exe |
    "TCP Query User{D22C73E4-77CA-44F7-ACAC-7BB8CA141F30}C:\program files (x86)\steam\steamapps\z0mb1e105\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\team fortress 2\hl2.exe |
    "TCP Query User{E1128764-7A8A-4304-BC08-D1703600FEE0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{E60D0AC7-7B05-4A66-BFAD-D9560571B5F2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{ED6791A5-A905-4AB0-ABA7-AB2F01823876}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
    "TCP Query User{F2D8F3C1-F00F-4A6B-B264-794E130FC01E}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
    "TCP Query User{F6EA349B-596C-407C-A1A0-84AC4CE6590E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{00A90AD4-AAEE-40D2-9C87-C7F5CDD75771}C:\program files (x86)\desura\common\erie\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\desura\common\erie\binaries\win32\udk.exe |
    "UDP Query User{0869C58E-44C9-4CA5-BAAC-5404FDE566A3}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
    "UDP Query User{0E0D2740-9BAB-4999-943B-C57A8D99CE00}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe |
    "UDP Query User{10FAE0D2-3CD5-4BB5-80EE-D75063C804D8}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{16A2DF22-C38F-42A7-85B8-7BF31AF2BC2D}C:\users\tony&theodore\downloads\teenagemutantninjapuppets017b.exe" = protocol=17 | dir=in | app=c:\users\tony&theodore\downloads\teenagemutantninjapuppets017b.exe |
    "UDP Query User{23255D7E-5FEC-4AA0-BC24-56DC5CBE4CF8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{2BD2CEE9-C2E2-44E0-AC86-4E03BA420A6B}C:\program files (x86)\valve\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\half-life\hl.exe |
    "UDP Query User{2C7FDA59-9318-42CE-A66B-427F19FA937A}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "UDP Query User{2CEC080B-EB9D-445F-9FA6-C6C4FA4E25F8}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "UDP Query User{3902E566-A837-4B0D-A82F-42511061DD2B}C:\program files (x86)\steam\steamapps\z0mb1e105\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\team fortress 2\hl2.exe |
    "UDP Query User{3CDD5C85-DE79-4A5F-A7D5-4E755619A44E}C:\users\tony&theodore\desktop\ragdoll games\teenagemutantninjapuppets017b.exe" = protocol=17 | dir=in | app=c:\users\tony&theodore\desktop\ragdoll games\teenagemutantninjapuppets017b.exe |
    "UDP Query User{42F2E245-CF92-44EA-BC73-ADED4293B5D3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{466CC04D-EE26-4395-8991-CD9081AB4374}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
    "UDP Query User{49FBF66F-1C3D-4D34-B58A-70B6FDAA892D}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
    "UDP Query User{4AC5E293-F5A1-4DA1-924C-E9F72345F30E}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
    "UDP Query User{4C4FCCC8-40A1-4576-9EA3-31A6CF6F9C2D}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "UDP Query User{50CAAABA-BE69-44F1-B0EE-EDA5515BB14C}C:\program files (x86)\valve\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\half-life\hl.exe |
    "UDP Query User{51A3FD68-CA46-4D57-9D6D-52E7DC219512}C:\users\tony&theodore\downloads\downloader_diablo2_enus.exe" = protocol=17 | dir=in | app=c:\users\tony&theodore\downloads\downloader_diablo2_enus.exe |
    "UDP Query User{581A7E7B-692B-4FFC-A5A7-5517DC65C004}C:\program files (x86)\steam\steamapps\z0mb1e105\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\source sdk base 2007\hl2.exe |
    "UDP Query User{59A06F5E-5E8E-4EB5-85BA-B2041EAC49F6}C:\program files (x86)\steam\steamapps\z0mb1e105\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\source sdk base\hl2.exe |
    "UDP Query User{5B453980-9A68-4E99-AA62-CB6F91640FA1}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
    "UDP Query User{87AFDA4A-92E6-4AB7-908B-CFA9A334B5AD}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
    "UDP Query User{8A09F8C5-330E-4A44-A5CA-00EFE133D4E1}C:\program files (x86)\steam\steamapps\z0mb1e105\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\team fortress 2\hl2.exe |
    "UDP Query User{8B4881CD-E3E7-4264-96B0-3C26A238B53B}C:\program files (x86)\steam\steamapps\z0mb1e105\half-life blue shift\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\z0mb1e105\half-life blue shift\hl.exe |
    "UDP Query User{8D70A4D1-7FF6-4CC0-B37D-4AC350C41567}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
    "UDP Query User{8FBFAEBD-1852-4854-8536-7FE8E9879BA1}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
    "UDP Query User{926713B3-2B06-4747-8891-9F8060C9C6F5}C:\users\tony&theodore\desktop\teenagemutantninjapuppets017b.exe" = protocol=17 | dir=in | app=c:\users\tony&theodore\desktop\teenagemutantninjapuppets017b.exe |
    "UDP Query User{A562F72A-FFBC-4A77-AACA-4A5FB4227901}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{A74BD2FB-CD4D-470D-86F6-A4B5547A6ECC}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
    "UDP Query User{A8B3C66A-2F01-4FE8-A468-E13074E27FE3}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
    "UDP Query User{ACDAA4C2-A955-421B-86CC-0FDDBE4F9F67}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
    "UDP Query User{AE876D98-0D37-44E6-8A25-CCFE09C8D777}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
    "UDP Query User{B35D30F8-54FE-45EC-B85C-628FF98DA6EC}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
    "UDP Query User{B39E4B81-7AE9-4CB6-80C6-6779D6F03B3D}C:\users\tony&theodore\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\tony&theodore\downloads\downloader_starcraft_combo_enus.exe |
    "UDP Query User{B7B4E784-4DFB-4F11-96EF-2A827080296B}C:\users\tony&theodore\desktop\new folder (6)\teenagemutantninjapuppets017b.exe" = protocol=17 | dir=in | app=c:\users\tony&theodore\desktop\new folder (6)\teenagemutantninjapuppets017b.exe |
    "UDP Query User{B91F2AC8-1637-49BB-AE52-B1E84C7EE074}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{BA7CD9C2-8552-4ACA-9045-E1DF433FF8B5}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "UDP Query User{BB4CD703-DEB5-417E-BF14-66D0A9BF0819}C:\program files (x86)\ultramixer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
    "UDP Query User{BBFBE755-0EA3-42CD-BE09-6803212DA082}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
    "UDP Query User{BC55AECF-5BE0-46B3-9BC7-F50746E97F77}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "UDP Query User{CBDC28EA-C1FA-459A-83A3-70B0B24295FA}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "UDP Query User{CE710392-542D-4CDB-830C-FFE77FE8BA3A}C:\users\tony\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\tony\desktop\utorrent.exe |
    "UDP Query User{E303E800-F4FC-4152-8618-369A6C6701BC}F:\not school\starcraft\starcraft.exe" = protocol=17 | dir=in | app=f:\not school\starcraft\starcraft.exe |
    "UDP Query User{E7C0B230-444D-40FF-9815-A0D049E110DE}C:\program files (x86)\starcraft ii\starcraft ii public test.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
    "UDP Query User{E9BD9C68-7BAD-407A-AE57-503074687B19}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "UDP Query User{EEA484D3-F335-4603-BD35-661C7400A9B9}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{F3054A31-E35C-4BBD-9E4D-4A3CC8527DAD}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
    "UDP Query User{F4D9B184-BF53-4A7B-990C-C1B3610B2EE1}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "UDP Query User{F4E37381-3F1B-47C0-A47B-05EFD030854C}C:\users\tony&theodore\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tony&theodore\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{F76E2F3E-AD10-46DB-9947-3C498F042B34}C:\program files (x86)\starcraft ii\test\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\test\versions\base19679\sc2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
    "{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
    "{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
    "{AA72DFB8-BA38-49C9-B5A4-A95FD62641F8}" = BOINC
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
    "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
    "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
    "{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
    "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
    "AutoCAD 2012 - English" = AutoCAD 2012 - English
    "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
    "Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "PC Optimizer Pro" = PC Optimizer Pro
    "PROSet" = Intel(R) Network Connections Drivers
    "UDK-65d14ca0-53ff-43fd-9ac9-d1cf2943f901" = My Game Long Name
  19. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    CONTINUED X2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216025F0}" = Java(TM) 6 Update 25
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
    "{42B21298-C850-4272-AFD9-636CBC005421}" = LXH-JME2207FN Hotkey Driver
    "{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6BFE5BAC-323E-41CC-9867-2F5D0287FCBD}" = myTV
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
    "{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}" = Lenovo Healthcare Software
    "{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9921C67F-CF6D-431E-B554-40075B8C6C10}" = Kodu Game Lab
    "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
    "{BAC8C2FD-1FF8-4615-B827-9042248121CB}" = Mobile Mouse Server
    "{C54184D0-D281-4523-B357-0606209DB56C}" = myTV
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF6742E3-EA39-48C1-9343-CC3651C9E6BA}" = SaveTheChildren Reminder by We-Care.com v4.0.18.4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29CBF73-C211-4616-898A-379A2679F990}" = ThemeWallpaper
    "{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1" = Shop To Win
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F90F759A-78EF-4370-B25E-EC5F710D1097}" = Power Dial
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVG Secure Search" = AVG Security Toolbar
    "AVS Image Converter_is1" = AVS Image Converter 2.0.2.160
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "Desura" = Desura
    "Desura_18829136625680" = Desura: Black Mesa
    "Desura_7876970020880" = Desura: No More Room in Hell
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "Fallout New Vegas_is1" = Fallout New Vegas
    "Foldit" = Foldit
    "Fraps" = Fraps
    "Google Chrome" = Google Chrome
    "Half-Life_is1" = Half-Life
    "Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MCLIENT" = Norton Management
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NBRTWizard" = Norton Bootable Recovery Tool Wizard
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
    "PowerISO" = PowerISO
    "ProjectZomboid" = Project Zomboid (remove only)
    "PunkBusterSvc" = PunkBuster Services
    "Setup Support for Social Ribbons" = Setup Support for Social Ribbons 1.0
    "SocialRibbons LP5" = SocialRibbons LP5
    "StarCraft" = StarCraft
    "StarCraft II" = StarCraft II
    "StartNow Toolbar" = StartNow Toolbar
    "Steam App 1250" = Killing Floor
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 17020" = Global Agenda
    "Steam App 17080" = Tribes: Ascend
    "Steam App 17500" = Zombie Panic Source
    "Steam App 17570" = Pirates, Vikings, & Knights II
    "Steam App 1840" = Source Filmmaker
    "Steam App 202290" = Sonic Generations Demo
    "Steam App 203850" = Microsoft Flight
    "Steam App 209870" = Blacklight: Retribution
    "Steam App 211" = Source SDK
    "Steam App 212160" = Vindictus
    "Steam App 218" = Source SDK Base 2007
    "Steam App 22230" = Rock of Ages
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 39000" = Moonbase Alpha
    "Steam App 39800" = Nation Red
    "Steam App 4000" = Garry's Mod
    "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
    "Steam App 570" = Dota 2
    "Steam App 57310" = Amnesia: The Dark Descent Demo
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 730" = Counter-Strike: Global Offensive
    "Steam App 90530" = Rise of Immortals
    "Steam App 99900" = Spiral Knights
    "Sumotori Full Version" = Sumotori Full Version
    "Synthesia" = Synthesia (remove only)
    "TeamViewer 6" = TeamViewer 6
    "Universe Sandbox" = Universe Sandbox
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Warcraft III" = Warcraft III
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "Xilisoft DPG Converter" = Xilisoft DPG Converter

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3718762900-4173039834-1257701688-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Sansa Updater" = Sansa Updater
    "Spotify" = Spotify
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/13/2012 4:22:43 PM | Computer Name = TonyTheodorePC | Source = Customer Experience Improvement Program | ID = 1006
    Description =

    Error - 11/13/2012 6:00:03 PM | Computer Name = TonyTheodorePC | Source = Customer Experience Improvement Program | ID = 1006
    Description =

    Error - 11/13/2012 7:07:57 PM | Computer Name = TonyTheodorePC | Source = Application Error | ID = 1000
    Description = Faulting application name: TribesAscend.exe, version: 1.0.1141.8,
    time stamp: 0x50919a6d Faulting module name: TribesAscend.exe, version: 1.0.1141.8,
    time stamp: 0x50919a6d Exception code: 0xc0000005 Fault offset: 0x001e94c3 Faulting
    process id: 0x18b4 Faulting application start time: 0x01cdc1f377f70cbf Faulting application
    path: C:\Program Files (x86)\Steam\steamapps\common\tribes\binaries\Win32\TribesAscend.exe
    Faulting
    module path: C:\Program Files (x86)\Steam\steamapps\common\tribes\binaries\Win32\TribesAscend.exe
    Report
    Id: f612e3df-2de6-11e2-9658-4437e60934b1

    Error - 11/14/2012 4:18:48 PM | Computer Name = TonyTheodorePC | Source = Customer Experience Improvement Program | ID = 1006
    Description =

    Error - 11/14/2012 7:49:45 PM | Computer Name = TonyTheodorePC | Source = Application Error | ID = 1000
    Description = Faulting application name: BLR.exe, version: 0.9.9.1, time stamp:
    0x508f5e91 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp:
    0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc21 Faulting process id:
    0x1e4c Faulting application start time: 0x01cdc2bf81411789 Faulting application path:
    C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight
    Retribution\Live\Binaries\Win32\BLR.exe Faulting module path: C:\windows\syswow64\ole32.dll
    Report
    Id: f6e4c083-2eb5-11e2-8b0c-4437e60934b1

    Error - 11/14/2012 8:04:48 PM | Computer Name = TonyTheodorePC | Source = Application Error | ID = 1000
    Description = Faulting application name: BLR.exe, version: 0.9.9.1, time stamp:
    0x508f5e91 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp:
    0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc21 Faulting process id:
    0x1084 Faulting application start time: 0x01cdc2c3321343ef Faulting application path:
    C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight
    Retribution\Live\Binaries\Win32\BLR.exe Faulting module path: C:\windows\syswow64\ole32.dll
    Report
    Id: 113dee2b-2eb8-11e2-8b0c-4437e60934b1

    Error - 11/14/2012 8:13:08 PM | Computer Name = TonyTheodorePC | Source = Application Error | ID = 1000
    Description = Faulting application name: GameOverlayUI.exe, version: 1.32.20.50,
    time stamp: 0x4f46a9bf Faulting module name: NPSWF32_11_4_402_287.dll, version:
    11.4.402.287, time stamp: 0x5066df1c Exception code: 0xc0000005 Fault offset: 0x0010d5e7
    Faulting
    process id: 0x1948 Faulting application start time: 0x01cdc2c5dcab4089 Faulting application
    path: C:\Program Files (x86)\Steam\GameOverlayUI.exe Faulting module path: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    Report
    Id: 3b3a9ca0-2eb9-11e2-bdc1-4437e60934b1

    Error - 11/14/2012 8:13:34 PM | Computer Name = TonyTheodorePC | Source = Application Error | ID = 1000
    Description = Faulting application name: GameOverlayUI.exe, version: 1.32.20.50,
    time stamp: 0x4f46a9bf Faulting module name: NPSWF32_11_4_402_287.dll, version:
    11.4.402.287, time stamp: 0x5066df1c Exception code: 0xc0000005 Fault offset: 0x0010d5e7
    Faulting
    process id: 0x814 Faulting application start time: 0x01cdc2c602046f8a Faulting application
    path: C:\Program Files (x86)\Steam\GameOverlayUI.exe Faulting module path: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    Report
    Id: 4af4e307-2eb9-11e2-bdc1-4437e60934b1

    Error - 11/15/2012 3:50:01 PM | Computer Name = TonyTheodorePC | Source = Customer Experience Improvement Program | ID = 1006
    Description =

    Error - 11/15/2012 5:54:59 PM | Computer Name = TonyTheodorePC | Source = MsiInstaller | ID = 11704
    Description =

    [ System Events ]
    Error - 11/15/2012 4:19:29 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 11/15/2012 4:24:25 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7034
    Description = The Updater Service for StartNow Toolbar service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/15/2012 4:32:01 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/15/2012 4:35:57 PM | Computer Name = TonyTheodorePC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 11/15/2012 4:37:06 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/15/2012 4:37:18 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/15/2012 4:41:13 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 11/15/2012 4:41:13 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 11/15/2012 4:58:19 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 11/15/2012 4:58:19 PM | Computer Name = TonyTheodorePC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >
  20. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    And also, the browser is running much more smoothly, and also I noticed FREEzeFrog was caught (finally!). Any more instructions?
  21. Broni

    Broni Malware Annihilator Posts: 45,216   +243

    You didn't say:
    [​IMG]

    =======================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      [2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Tony&Theodore\AppData\Roaming\mozilla\firefox\profiles\8jxpji4t.default\searchplugins\askcom.xml
      O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll File not found
      O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-3718762900-4173039834-1257701688-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
      O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  22. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    [​IMG]

    Lol. Sorry about that. I don't have any problems now, but before I post the log: when I ran the OTL custom scan you gave me, I accidentally copied the text "Code:" at the top and ran it, and it crashed Windows, but I rebooted it and it's all good now. There are two desktop.ini files that appeared after and then disappeared after I ran it correctly.

    kk here's the log

    All processes killed
    ========== OTL ==========
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    C:\Users\Tony&Theodore\AppData\Roaming\mozilla\firefox\profiles\8jxpji4t.default\searchplugins\askcom.xml moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3718762900-4173039834-1257701688-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tony
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 31692311 bytes
    ->Java cache emptied: 4664103 bytes
    ->FireFox cache emptied: 96221795 bytes
    ->Google Chrome cache emptied: 453789460 bytes
    ->Flash cache emptied: 75353 bytes

    User: Tony&Theodore
    ->Temp folder emptied: 927641 bytes
    ->Temporary Internet Files folder emptied: 27087278 bytes
    ->Java cache emptied: 45699343 bytes
    ->FireFox cache emptied: 72562618 bytes
    ->Google Chrome cache emptied: 6835919 bytes
    ->Flash cache emptied: 67497 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 557056 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32097 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 706.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Tony
    ->Java cache emptied: 0 bytes

    User: Tony&Theodore
    ->Java cache emptied: 0 bytes

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tony
    ->Flash cache emptied: 0 bytes

    User: Tony&Theodore
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11152012_211952

    Files\Folders moved on Reboot...
    C:\Users\Tony&Theodore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    I will run the additional scans tomorrow if that is no problem, I am a bit short on time. Anyways, I saw a few words called error in one of the logs, is that an issue to be resolved or should I not be concerned?
  23. Broni

    Broni Malware Annihilator Posts: 45,216   +243

    Don't worry about those.
  24. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    Okay.. Let's get started
    When I ran Security Check, it performed its task fine, but in the end it opened up an empty text log, and in the command prompt it said "the system cannot find the path specified" twice.

    Here is the FSS text log

    Farbar Service Scanner Version: 09-11-2012
    Ran by Tony&Theodore (administrator) on 16-11-2012 at 15:25:48
    Running from "C:\Users\Tony&Theodore\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================

    Here is the adwcleaner text
    # AdwCleaner v2.007 - Logfile created 11/16/2012 at 15:31:39
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tony&Theodore - TONYTHEODOREPC
    # Boot Mode : Normal
    # Running from : C:\Users\Tony&Theodore\Downloads\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\Application Updater
    Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
    Folder Deleted : C:\Program Files (x86)\Common Files\spigot
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
    Folder Deleted : C:\Program Files (x86)\YouTube Downloader Toolbar
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Local\APN
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Local\Babylon
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Local\TempDir
    Folder Deleted : C:\Users\Tony&Theodore\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Tony&Theodore\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Tony&Theodore\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Tony&Theodore\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Tony&Theodore\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Tony&Theodore\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Roaming\Mozilla\Firefox\Profiles\8jxpji4t.default\extensions\crossriderapp2258@crossrider.com
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Roaming\Mozilla\Firefox\Profiles\8jxpji4t.default\extensions\wecarereminder@bryan
    Folder Deleted : C:\Users\Tony&Theodore\AppData\Roaming\Mozilla\Firefox\Profiles\8jxpji4t.default\FCTB
    Folder Deleted : C:\Users\Tony&Theodore\Documents\DealRunner
    Folder Deleted : C:\Users\Tony\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Tony\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Tony\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Tony\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Tony\AppData\LocalLow\Search Settings
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Compete
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\ShopToWin
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\Bandoo
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
    Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
    Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
    Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.Shopping
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.Shopping.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.FCTB000100297Pos
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.FCTB000100297Pos.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100297.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\FCSB000063123
    Key Deleted : HKLM\SOFTWARE\FCTB000100297
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\FREEzeFrog
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\StartNow Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=5eafa46f0000000000004437e60934b1 --> hxxp://www.google.com
    -\\ Mozilla Firefox v15.0.1 (en-US)
    Profile name : default
    File : C:\Users\Tony&Theodore\AppData\Roaming\Mozilla\Firefox\Profiles\8jxpji4t.default\prefs.js
    C:\Users\Tony&Theodore\AppData\Roaming\Mozilla\Firefox\Profiles\8jxpji4t.default\user.js ... Deleted !
    Profile name : default
    File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\luewiram.default\prefs.js
    [OK] File is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Tony&Theodore\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    File : C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [34050 octets] - [16/11/2012 15:31:39]
    ########## EOF - C:\AdwCleaner[S1].txt - [34111 octets] ##########
  25. Classified1

    Classified1 Newcomer, in training Topic Starter Posts: 55

    Here is the ESET online scanner log. It caught quite a bit of adware; it makes up for the 4-hour scan it took ;)

    C:\Program Files (x86)\SocialRibbons LP5\patch.bat    Win32/Toolbar.BHO.B application    cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
    C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\background.html    Win32/Adware.Yontoo.C application    cleaned by deleting - quarantined
    C:\Users\Tony&Theodore\AppData\LocalLow\FCTB000100297\Toolbar\patch.bat    Win32/Toolbar.BHO.B application    cleaned by deleting - quarantined
    C:\Users\Tony&Theodore\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf2.dll    a variant of Win32/Adware.Gamevance.BR application    cleaned by deleting - quarantined
    C:\Users\Tony&Theodore\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf3.dll    a variant of Win32/Adware.Gamevance.BR application    cleaned by deleting - quarantined

