Need help removing Sirefef, Windows 7 64-bit shuts down in less than 1 min

Solved
By mrx64
Jul 29, 2012
  1. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    ok..about how long will it usually run?
  2. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    I let it run overnight.. it froze with a black screen and I could not get the screen back up... I shut it down... restarted... shut all the programs down and reran combofix... it ran scans and restarted... but it is still not giving the report...so what is the next step?
  3. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  4. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    ok.. running appremover to remove MSE and malwarebytes.. it is at 77%... will do asap...thanks
  5. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    I didn't ask you to remove anything.....
    ???
  6. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    I was just following steps in the previous post...to get combofix to run
  7. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    There is nothing there about removing MSE or MBAM.
  8. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    mse was corrupted malware trial was up... and not working properly...so what next
  9. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    If they're not working you can reinstall them but next time around ask first.

    Then go ahead with my reply # 28
  10. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    there is an rk quarantine on desktop too

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: Mr X [Admin rights]
    Mode: Scan -- Date: 07/30/2012 17:49:13

    ¤¤¤ Bad processes: 2 ¤¤¤
    [SUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\Mr X\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe -> KILLED [TermProc]
    [SUSP PATH] NDSPCShowServer.exe -- C:\Users\Mr X\AppData\Local\DIRECTV Player\NDSPCShowServer.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤
    [SUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\Mr X\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe") -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-883996547-2889226150-1078755804-1000[...]\Run : PCShowServer ("C:\Users\Mr X\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe") -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BPVT-22ZEST0 +++++
    --- User ---
    [MBR] b0caa8208d1b2bcb33605a4455ee22df
    [BSP] adb28719e35cb78fd971d8df41dda4b9 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 291143 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  11. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    aswMBR.exe seems to have frozen...mouse will not move...has done this twice...can't get to the clock to see if it is still working...hard drive light not flashing
  12. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  13. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    18:32:34.0570 3700 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    18:32:35.0160 3700 ============================================================
    18:32:35.0160 3700 Current date / time: 2012/07/30 18:32:35.0160
    18:32:35.0160 3700 SystemInfo:
    18:32:35.0160 3700
    18:32:35.0160 3700 OS Version: 6.1.7600 ServicePack: 0.0
    18:32:35.0160 3700 Product type: Workstation
    18:32:35.0160 3700 ComputerName: MRX-PC
    18:32:35.0160 3700 UserName: Mr X
    18:32:35.0160 3700 Windows directory: C:\Windows
    18:32:35.0160 3700 System windows directory: C:\Windows
    18:32:35.0160 3700 Running under WOW64
    18:32:35.0160 3700 Processor architecture: Intel x64
    18:32:35.0160 3700 Number of processors: 2
    18:32:35.0160 3700 Page size: 0x1000
    18:32:35.0160 3700 Boot type: Normal boot
    18:32:35.0160 3700 ============================================================
    18:32:37.0056 3700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:32:37.0072 3700 ============================================================
    18:32:37.0072 3700 \Device\Harddisk0\DR0:
    18:32:37.0072 3700 MBR partitions:
    18:32:37.0072 3700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
    18:32:37.0072 3700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x238A3AB0
    18:32:37.0072 3700 ============================================================
    18:32:37.0103 3700 C: <-> \Device\Harddisk0\DR0\Partition1
    18:32:37.0103 3700 ============================================================
    18:32:37.0103 3700 Initialize success
    18:32:37.0103 3700 ============================================================
    18:32:56.0006 1812 ============================================================
    18:32:56.0006 1812 Scan started
    18:32:56.0006 1812 Mode: Manual;
    18:32:56.0006 1812 ============================================================
  14. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    18:33:12.0866 1812 LanmanServer - ok
    18:33:12.0906 1812 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    18:33:12.0916 1812 LanmanWorkstation - ok
    18:33:13.0066 1812 Live Updater Service (93b73ded2bc688f140c6ae2fbad45789) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    18:33:13.0076 1812 Live Updater Service - ok
    18:33:13.0096 1812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:33:13.0096 1812 lltdio - ok
    18:33:13.0156 1812 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    18:33:13.0166 1812 lltdsvc - ok
    18:33:13.0186 1812 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    18:33:13.0186 1812 lmhosts - ok
    18:33:13.0316 1812 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    18:33:13.0326 1812 LMS - ok
    18:33:13.0376 1812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:33:13.0376 1812 LSI_FC - ok
    18:33:13.0406 1812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:33:13.0406 1812 LSI_SAS - ok
    18:33:13.0426 1812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:33:13.0426 1812 LSI_SAS2 - ok
    18:33:13.0446 1812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:33:13.0456 1812 LSI_SCSI - ok
    18:33:13.0486 1812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:33:13.0486 1812 luafv - ok
    18:33:13.0536 1812 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    18:33:13.0536 1812 Mcx2Svc - ok
    18:33:13.0556 1812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:33:13.0556 1812 megasas - ok
    18:33:13.0606 1812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:33:13.0616 1812 MegaSR - ok
    18:33:13.0656 1812 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:33:13.0656 1812 MMCSS - ok
    18:33:13.0686 1812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    18:33:13.0686 1812 Modem - ok
    18:33:13.0736 1812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    18:33:13.0736 1812 monitor - ok
    18:33:13.0756 1812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    18:33:13.0766 1812 mouclass - ok
    18:33:13.0826 1812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    18:33:13.0856 1812 mouhid - ok
    18:33:13.0896 1812 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    18:33:13.0896 1812 mountmgr - ok
    18:33:14.0076 1812 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    18:33:14.0076 1812 MozillaMaintenance - ok
    18:33:14.0116 1812 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    18:33:14.0126 1812 mpio - ok
    18:33:14.0176 1812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:33:14.0186 1812 mpsdrv - ok
    18:33:14.0296 1812 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    18:33:14.0326 1812 MpsSvc - ok
    18:33:14.0356 1812 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    18:33:14.0366 1812 MRxDAV - ok
    18:33:14.0416 1812 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:33:14.0476 1812 mrxsmb - ok
    18:33:14.0546 1812 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:33:14.0566 1812 mrxsmb10 - ok
    18:33:14.0586 1812 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:33:14.0616 1812 mrxsmb20 - ok
    18:33:14.0636 1812 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    18:33:14.0636 1812 msahci - ok
    18:33:14.0666 1812 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    18:33:14.0676 1812 msdsm - ok
    18:33:14.0696 1812 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    18:33:14.0716 1812 MSDTC - ok
    18:33:14.0736 1812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:33:14.0746 1812 Msfs - ok
    18:33:14.0766 1812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:33:14.0766 1812 mshidkmdf - ok
    18:33:14.0776 1812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    18:33:14.0786 1812 msisadrv - ok
    18:33:14.0826 1812 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    18:33:14.0826 1812 MSiSCSI - ok
    18:33:14.0836 1812 msiserver - ok
    18:33:14.0856 1812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:33:14.0856 1812 MSKSSRV - ok
    18:33:14.0876 1812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:33:14.0876 1812 MSPCLOCK - ok
    18:33:14.0886 1812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:33:14.0896 1812 MSPQM - ok
    18:33:14.0936 1812 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    18:33:14.0936 1812 MsRPC - ok
    18:33:14.0956 1812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    18:33:14.0956 1812 mssmbios - ok
    18:33:14.0976 1812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:33:14.0976 1812 MSTEE - ok
    18:33:14.0986 1812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:33:14.0986 1812 MTConfig - ok
    18:33:15.0006 1812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:33:15.0006 1812 Mup - ok
    18:33:15.0026 1812 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
    18:33:15.0036 1812 mwlPSDFilter - ok
    18:33:15.0046 1812 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
    18:33:15.0046 1812 mwlPSDNServ - ok
    18:33:15.0076 1812 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
    18:33:15.0076 1812 mwlPSDVDisk - ok
    18:33:15.0356 1812 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    18:33:15.0366 1812 MWLService - ok
    18:33:15.0746 1812 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    18:33:15.0776 1812 napagent - ok
    18:33:15.0906 1812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    18:33:15.0916 1812 NativeWifiP - ok
    18:33:16.0316 1812 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    18:33:16.0356 1812 NDIS - ok
    18:33:16.0446 1812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:33:16.0496 1812 NdisCap - ok
    18:33:16.0526 1812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:33:16.0526 1812 NdisTapi - ok
    18:33:16.0576 1812 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:33:16.0586 1812 Ndisuio - ok
    18:33:16.0726 1812 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:33:16.0736 1812 NdisWan - ok
    18:33:16.0756 1812 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    18:33:16.0756 1812 NDProxy - ok
    18:33:16.0816 1812 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
    18:33:16.0816 1812 Net Driver HPZ12 - ok
    18:33:16.0836 1812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    18:33:16.0836 1812 NetBIOS - ok
    18:33:16.0866 1812 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    18:33:16.0886 1812 NetBT - ok
    18:33:16.0936 1812 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    18:33:16.0936 1812 Netlogon - ok
    18:33:16.0996 1812 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    18:33:17.0036 1812 Netman - ok
    18:33:17.0166 1812 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:33:17.0226 1812 NetMsmqActivator - ok
    18:33:17.0226 1812 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:33:17.0226 1812 NetPipeActivator - ok
    18:33:17.0266 1812 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    18:33:17.0276 1812 netprofm - ok
    18:33:17.0296 1812 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:33:17.0296 1812 NetTcpActivator - ok
    18:33:17.0306 1812 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:33:17.0306 1812 NetTcpPortSharing - ok
    18:33:17.0376 1812 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:33:17.0376 1812 nfrd960 - ok
    18:33:17.0426 1812 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    18:33:17.0436 1812 NlaSvc - ok
    18:33:17.0726 1812 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    18:33:17.0826 1812 NOBU - ok
    18:33:18.0466 1812 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    18:33:18.0466 1812 Npfs - ok
    18:33:18.0536 1812 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    18:33:18.0546 1812 nsi - ok
    18:33:18.0596 1812 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    18:33:18.0606 1812 nsiproxy - ok
    18:33:18.0886 1812 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    18:33:18.0946 1812 Ntfs - ok
    18:33:19.0236 1812 NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    18:33:19.0266 1812 NTI IScheduleSvc - ok
    18:33:19.0346 1812 NTIBackupSvc (15221dd637d9d0ffc60848ebbf1df538) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    18:33:19.0346 1812 NTIBackupSvc - ok
    18:33:19.0496 1812 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
    18:33:19.0506 1812 NTIDrvr - ok
    18:33:19.0546 1812 NTISchedulerSvc (b5071e15d4c3f5ef5018aff7e85a85e5) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    18:33:19.0656 1812 NTISchedulerSvc - ok
    18:33:19.0706 1812 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    18:33:19.0706 1812 Null - ok
    18:33:19.0756 1812 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    18:33:19.0766 1812 nvraid - ok
    18:33:19.0846 1812 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    18:33:19.0856 1812 nvstor - ok
    18:33:19.0906 1812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    18:33:19.0906 1812 nv_agp - ok
    18:33:19.0966 1812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    18:33:19.0966 1812 ohci1394 - ok
    18:33:20.0076 1812 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:33:20.0086 1812 ose - ok
    18:33:20.0526 1812 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:33:20.0646 1812 osppsvc - ok
    18:33:20.0776 1812 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:33:20.0786 1812 p2pimsvc - ok
    18:33:20.0836 1812 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    18:33:20.0846 1812 p2psvc - ok
    18:33:20.0896 1812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    18:33:20.0906 1812 Parport - ok
    18:33:20.0956 1812 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
    18:33:20.0956 1812 partmgr - ok
    18:33:21.0046 1812 Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe
    18:33:21.0056 1812 Partner Service - ok
    18:33:21.0096 1812 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    18:33:21.0096 1812 PcaSvc - ok
    18:33:21.0126 1812 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    18:33:21.0136 1812 pci - ok
    18:33:21.0156 1812 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    18:33:21.0166 1812 pciide - ok
    18:33:21.0466 1812 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:33:21.0486 1812 pcmcia - ok
    18:33:21.0586 1812 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    18:33:21.0586 1812 pcw - ok
    18:33:21.0716 1812 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    18:33:21.0736 1812 PEAUTH - ok
    18:33:21.0886 1812 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    18:33:21.0896 1812 PerfHost - ok
    18:33:22.0066 1812 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    18:33:22.0096 1812 pla - ok
    18:33:22.0176 1812 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    18:33:22.0226 1812 PlugPlay - ok
    18:33:22.0296 1812 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
    18:33:22.0306 1812 Pml Driver HPZ12 - ok
    18:33:22.0316 1812 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    18:33:22.0326 1812 PNRPAutoReg - ok
    18:33:22.0366 1812 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:33:22.0376 1812 PNRPsvc - ok
    18:33:22.0456 1812 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    18:33:22.0486 1812 PolicyAgent - ok
    18:33:22.0536 1812 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    18:33:22.0546 1812 Power - ok
    18:33:22.0627 1812 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    18:33:22.0627 1812 PptpMiniport - ok
    18:33:22.0658 1812 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    18:33:22.0658 1812 Processor - ok
    18:33:22.0721 1812 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
    18:33:22.0783 1812 ProfSvc - ok
    18:33:22.0845 1812 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    18:33:22.0861 1812 ProtectedStorage - ok
    18:33:22.0892 1812 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    18:33:22.0908 1812 Psched - ok
    18:33:23.0079 1812 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    18:33:23.0095 1812 ql2300 - ok
    18:33:23.0779 1812 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    18:33:23.0789 1812 ql40xx - ok
    18:33:23.0839 1812 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    18:33:23.0869 1812 QWAVE - ok
    18:33:23.0909 1812 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    18:33:23.0909 1812 QWAVEdrv - ok
    18:33:23.0949 1812 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    18:33:23.0949 1812 RasAcd - ok
    18:33:23.0999 1812 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:33:24.0009 1812 RasAgileVpn - ok
  15. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    18:33:38.0621 1812 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    18:33:38.0621 1812 VaultSvc - ok
    18:33:38.0661 1812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    18:33:38.0661 1812 vdrvroot - ok
    18:33:38.0751 1812 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    18:33:38.0781 1812 vds - ok
    18:33:38.0841 1812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:33:38.0851 1812 vga - ok
    18:33:38.0871 1812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    18:33:38.0871 1812 VgaSave - ok
    18:33:38.0901 1812 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    18:33:38.0941 1812 vhdmp - ok
    18:33:38.0981 1812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    18:33:38.0991 1812 viaide - ok
    18:33:39.0041 1812 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    18:33:39.0041 1812 volmgr - ok
    18:33:39.0081 1812 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    18:33:39.0091 1812 volmgrx - ok
    18:33:39.0161 1812 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    18:33:39.0171 1812 volsnap - ok
    18:33:39.0201 1812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    18:33:39.0261 1812 vsmraid - ok
    18:33:39.0491 1812 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    18:33:39.0621 1812 VSS - ok
    18:33:40.0131 1812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    18:33:40.0141 1812 vwifibus - ok
    18:33:40.0201 1812 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    18:33:40.0211 1812 vwififlt - ok
    18:33:40.0561 1812 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    18:33:40.0601 1812 W32Time - ok
    18:33:40.0651 1812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    18:33:40.0661 1812 WacomPen - ok
    18:33:40.0711 1812 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    18:33:40.0711 1812 WANARP - ok
    18:33:40.0721 1812 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    18:33:40.0721 1812 Wanarpv6 - ok
    18:33:41.0121 1812 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    18:33:41.0199 1812 WatAdminSvc - ok
    18:33:41.0433 1812 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    18:33:41.0464 1812 wbengine - ok
    18:33:41.0854 1812 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    18:33:41.0948 1812 WbioSrvc - ok
    18:33:42.0026 1812 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    18:33:42.0041 1812 wcncsvc - ok
    18:33:42.0104 1812 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    18:33:42.0159 1812 WcsPlugInService - ok
    18:33:42.0229 1812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    18:33:42.0229 1812 Wd - ok
    18:33:42.0289 1812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    18:33:42.0319 1812 Wdf01000 - ok
    18:33:42.0379 1812 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:33:42.0409 1812 WdiServiceHost - ok
    18:33:42.0419 1812 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:33:42.0419 1812 WdiSystemHost - ok
    18:33:42.0779 1812 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    18:33:42.0809 1812 WebClient - ok
    18:33:42.0889 1812 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    18:33:42.0929 1812 Wecsvc - ok
    18:33:42.0949 1812 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    18:33:42.0959 1812 wercplsupport - ok
    18:33:42.0979 1812 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    18:33:42.0979 1812 WerSvc - ok
    18:33:43.0019 1812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:33:43.0029 1812 WfpLwf - ok
    18:33:43.0039 1812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    18:33:43.0039 1812 WIMMount - ok
    18:33:43.0119 1812 WinDefend - ok
    18:33:43.0129 1812 WinHttpAutoProxySvc - ok
    18:33:43.0519 1812 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    18:33:43.0559 1812 Winmgmt - ok
    18:33:43.0959 1812 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    18:33:44.0029 1812 WinRM - ok
    18:33:44.0709 1812 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    18:33:44.0709 1812 WinUsb - ok
    18:33:44.0869 1812 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    18:33:44.0919 1812 Wlansvc - ok
    18:33:45.0149 1812 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    18:33:45.0149 1812 wlcrasvc - ok
    18:33:45.0609 1812 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:33:45.0699 1812 wlidsvc - ok
    18:33:45.0939 1812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    18:33:45.0979 1812 WmiAcpi - ok
    18:33:46.0189 1812 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    18:33:46.0189 1812 wmiApSrv - ok
    18:33:46.0259 1812 WMPNetworkSvc - ok
    18:33:46.0299 1812 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    18:33:46.0299 1812 WPCSvc - ok
    18:33:46.0329 1812 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    18:33:46.0329 1812 WPDBusEnum - ok
    18:33:46.0389 1812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    18:33:46.0389 1812 ws2ifsl - ok
    18:33:46.0449 1812 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
    18:33:46.0459 1812 wscsvc - ok
    18:33:46.0459 1812 WSearch - ok
    18:33:46.0779 1812 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    18:33:46.0859 1812 wuauserv - ok
    18:33:47.0199 1812 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    18:33:47.0229 1812 WudfPf - ok
    18:33:47.0329 1812 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:33:47.0359 1812 WUDFRd - ok
    18:33:47.0399 1812 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    18:33:47.0399 1812 wudfsvc - ok
    18:33:47.0449 1812 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    18:33:47.0509 1812 WwanSvc - ok
    18:33:47.0809 1812 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    18:33:47.0829 1812 YahooAUService - ok
    18:33:47.0929 1812 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    18:33:48.0809 1812 \Device\Harddisk0\DR0 - ok
    18:33:48.0839 1812 Boot (0x1200) (e2f32b4bb3559dafa5751672b72d63cc) \Device\Harddisk0\DR0\Partition0
    18:33:48.0839 1812 \Device\Harddisk0\DR0\Partition0 - ok
    18:33:48.0849 1812 Boot (0x1200) (8caa87220dfe808287b7847e160e4c17) \Device\Harddisk0\DR0\Partition1
    18:33:48.0859 1812 \Device\Harddisk0\DR0\Partition1 - ok
    18:33:48.0859 1812 ============================================================
    18:33:48.0859 1812 Scan finished
    18:33:48.0859 1812 ============================================================
    18:33:48.0979 1792 Detected object count: 0
  16. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    Actual detected object count: 0
  17. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Are you having any current issues with your computer?

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    OTL logfile created on: 7/30/2012 6:52:01 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mr X\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.68 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 65.00% Memory free
    7.35 Gb Paging File | 5.93 Gb Available in Paging File | 80.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.32 Gb Total Space | 26.72 Gb Free Space | 9.40% Space Free | Partition Type: NTFS

    Computer Name: MRX-PC | User Name: Mr X | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/30 18:49:31 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mr X\Desktop\OTL.exe
    PRC - [2012/04/26 07:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2012/04/02 16:50:14 | 000,351,888 | ---- | M] (NDS Technologies) -- C:\Users\Mr X\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    PRC - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/11/22 05:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    PRC - [2010/10/29 17:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/06/22 17:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010/06/22 17:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2010/06/22 17:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010/05/26 21:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    PRC - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    PRC - [2010/05/21 03:30:24 | 000,095,544 | ---- | M] (Jetico, Inc.) -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe
    PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    PRC - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2010/03/08 18:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    PRC - [2009/10/30 12:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/02 16:52:04 | 000,091,240 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\z.dll
    MOD - [2012/04/02 16:51:50 | 001,402,488 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\libxml2-2.dll
    MOD - [2012/04/02 16:51:32 | 000,688,264 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
    MOD - [2012/04/02 16:50:40 | 006,809,720 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\gsttspplugin.dll
    MOD - [2012/04/02 16:50:30 | 000,273,528 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\ndsLogStore.dll
    MOD - [2012/04/02 16:50:24 | 000,051,864 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll
    MOD - [2012/04/02 16:50:22 | 002,049,152 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\XferManagerDll.dll
    MOD - [2012/04/02 16:50:20 | 001,945,704 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\TSB.dll
    MOD - [2012/04/02 16:50:08 | 002,721,920 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\PCShowServerDll.dll
    MOD - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    MOD - [2012/04/02 16:49:56 | 001,988,216 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\DrmSingleton.dll
    MOD - [2012/04/02 16:49:52 | 001,226,872 | ---- | M] () -- C:\Users\Mr X\AppData\Local\DIRECTV Player\CatalogDll.dll
    MOD - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/03/08 19:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    MOD - [2009/05/20 17:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/04/23 12:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2012/07/27 13:16:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/18 22:34:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/26 22:00:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/11/25 10:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/11/22 05:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
    SRV - [2010/10/25 15:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
    SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/07/14 17:40:15 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
    SRV - [2010/06/22 17:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
    SRV - [2010/05/21 03:30:24 | 000,095,544 | ---- | M] (Jetico, Inc.) [Auto | Running] -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe -- (BCWipeSvc)
    SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/10/30 12:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/26 21:53:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/08 05:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/11/12 14:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2010/09/07 04:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2010/08/03 16:24:28 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2010/08/03 16:24:24 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2010/07/12 05:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2010/07/07 13:57:47 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2ph64.sys -- (Ser2ph)
    DRV:64bit: - [2010/04/21 14:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/04/07 13:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/08 03:25:08 | 000,101,952 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bcswap.sys -- (BCSWAP)
    DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/12/01 21:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/10/16 05:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2009/09/17 23:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
    DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2007/04/19 08:55:50 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2007/04/19 08:55:50 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2007/04/19 08:55:50 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=27361210j516l0458z125v47k18299
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=27361210j516l0458z125v47k18299
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=27361210j516l0458z125v47k18299
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publishe...74&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publishe...74&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publishe...74&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publishe...74&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{021EFEF6-2E6C-42FA-8E9D-59F229BFE2BF}: "URL" = http://tablespoon-qa.ratchet.com/search-results.aspx?keyword={searchterms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{02496A54-78F0-4F2F-9096-E9C15DC57A64}: "URL" = http://www.amazon.com/s?ie=UTF8&tag...aps&link_code=qs&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{180419D3-27F9-40EF-B9DF-C1BA6B4FD1CB}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{21B85D8F-125F-406E-ACF2-4D2EC3D9D234}: "URL" = http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&Description={searchTerms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7ACAW_enUS408
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{69ACBF5F-0147-404F-BD5A-A73CADA010E4}: "URL" = http://search.avg.com/route/?d=4d59...e&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{77486D35-FE38-40CD-BBB8-D0C5D5ECF923}: "URL" = http://ws.infospace.com/gamers_brw/..._id=%userid&tool_id=%toolid&qkw={searchTerms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{8D8F4E5B-C52B-4B00-955E-EFEFEFA2C94C}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{9B2B18E7-C20C-4C4C-92EF-4D429B7DF9F9}: "URL" = http://www.blinkx.com/ie/search-provider/Search-Execute?query={searchTerms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\SearchScopes\{ADDCCF61-FF6B-440E-BB0A-A499135603A4}: "URL" = http://www.bettycrocker.com/search/searchresults.aspx?terms={searchterms}
    IE - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========
  19. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Mr X\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Mr X\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Mr X\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011/04/12 17:04:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/04/12 17:04:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/25 19:54:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 22:34:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 21:48:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/25 19:54:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 22:34:31 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 21:48:53 | 000,000,000 | ---D | M]

    [2011/07/24 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Extensions
    [2011/07/24 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/07/25 15:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions
    [2012/07/15 11:21:57 | 000,000,000 | ---D | M] (CompTool0234 Community Toolbar) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
    [2012/05/18 16:18:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/07/17 17:25:45 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2011/05/27 01:27:32 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions\plugin@yontoo.com
    [2010/12/15 21:43:56 | 000,001,820 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\bing.xml
    [2011/09/07 15:29:12 | 000,000,925 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\conduit.xml
    [2011/09/15 16:38:36 | 000,001,257 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\tvragecom.xml
    [2012/06/01 22:37:52 | 000,002,474 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\Web Search.xml
    [2012/03/10 17:31:42 | 000,001,673 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\web-search.xml
    [2012/05/01 21:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/01 21:46:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/18 22:34:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/25 16:18:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/01/01 22:54:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/01 22:54:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.a...n&SelfSearch=1&SearchSource=49&ctid=CT2559647
    CHR - default_search_provider: suggest_url = http://search.conduit.com/
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: NDS PCShow Plugin (Enabled) = C:\Users\Mr X\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
    CHR - plugin: PCShow Player Plugin (Enabled) = C:\Users\Mr X\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1\
    CHR - Extension: BitTorrentBar = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
    CHR - Extension: Gmail = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/30 08:19:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O3 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup File not found
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
    O4 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000..\Run: [PCShowServer] C:\Users\Mr X\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
    O4 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 192.168.5.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08094233-7614-41EF-B4A0-751AA90CF451}: DhcpNameServer = 192.168.5.1 192.168.5.1
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/30 18:49:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Mr X\Desktop\OTL.exe
    [2012/07/30 17:48:39 | 000,000,000 | ---D | C] -- C:\Users\Mr X\Desktop\RK_Quarantine
    [2012/07/30 17:46:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Mr X\Desktop\aswMBR.exe
    [2012/07/30 08:19:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/30 08:05:45 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/29 22:19:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/29 21:03:56 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/29 20:16:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/29 20:16:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/29 20:16:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/29 20:16:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/29 20:15:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/29 20:13:58 | 004,722,436 | R--- | C] (Swearware) -- C:\Users\Mr X\Desktop\ComboFix.exe
    [2012/07/27 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFAF400090747004EA24F4F147CE7
    [2012/07/27 12:20:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/24 08:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mr X\Desktop\TDSSKiller.exe
    [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 18:50:55 | 000,000,154 | ---- | M] () -- C:\Users\Mr X\Desktop\[Active] - Need help removing Sirefef, Windows (7) 64 bit shuts down in less than 1 min Page 3 - TechSpot Forums.URL
    [2012/07/30 18:49:31 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mr X\Desktop\OTL.exe
    [2012/07/30 18:46:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/30 18:35:53 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 18:35:53 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 18:26:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/30 18:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 18:25:27 | 2960,519,168 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 18:06:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/30 17:46:27 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mr X\Desktop\aswMBR.exe
    [2012/07/30 17:44:50 | 001,552,384 | ---- | M] () -- C:\Users\Mr X\Desktop\RogueKiller.exe
    [2012/07/30 14:53:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/30 14:50:27 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/30 14:50:27 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/30 08:19:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/30 08:04:43 | 004,722,436 | R--- | M] (Swearware) -- C:\Users\Mr X\Desktop\ComboFix.exe
    [2012/07/29 20:38:34 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/28 11:12:09 | 000,015,360 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
    [2012/07/27 23:30:01 | 000,797,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/27 12:26:55 | 000,002,048 | ---- | M] () -- C:\Users\Mr X\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/24 08:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mr X\Desktop\TDSSKiller.exe
    [2012/07/21 00:40:24 | 000,000,508 | ---- | M] () -- C:\Users\Mr X\Desktop\Calorie Count New Recipe.website
    [2012/07/11 18:02:55 | 000,273,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/30 18:50:55 | 000,000,154 | ---- | C] () -- C:\Users\Mr X\Desktop\[Active] - Need help removing Sirefef, Windows (7) 64 bit shuts down in less than 1 min Page 3 - TechSpot Forums.URL
    [2012/07/30 17:45:26 | 001,552,384 | ---- | C] () -- C:\Users\Mr X\Desktop\RogueKiller.exe
    [2012/07/29 20:16:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/29 20:16:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/29 20:16:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/29 20:16:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/29 20:16:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/27 13:15:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/15 17:11:50 | 000,000,508 | ---- | C] () -- C:\Users\Mr X\Desktop\Calorie Count New Recipe.website
    [2012/04/17 16:35:14 | 000,001,470 | ---- | C] () -- C:\Users\Mr X\.recently-used.xbel
    [2012/03/29 20:29:29 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
    [2012/03/01 15:17:19 | 000,007,597 | ---- | C] () -- C:\Users\Mr X\AppData\Local\Resmon.ResmonCfg
    [2011/12/01 20:42:28 | 000,000,173 | ---- | C] () -- C:\Windows\Readiris.ini
    [2011/08/25 17:26:32 | 000,008,192 | ---- | C] () -- C:\Users\Mr X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/25 19:41:40 | 000,167,807 | ---- | C] () -- C:\Windows\hpoins37.dat
    [2010/12/26 19:56:33 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
    [2010/12/18 16:37:29 | 000,797,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/05 13:21:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/09/18 10:58:11 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2010/09/18 10:55:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/09/18 10:55:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/09/18 10:55:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/09/18 10:55:18 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2010/09/18 10:55:18 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/09/18 10:54:52 | 000,001,605 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2009/07/13 23:57:08 | 000,001,330 | ---- | C] () -- C:\Users\Mr X\Sidebar.lnk

    ========== LOP Check ==========

    [2011/07/16 23:58:53 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\1470652_RipIt4Me
    [2011/07/16 23:59:40 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\1503381_RipIt4Me
    [2011/07/17 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\2411947_RipIt4Me
    [2011/07/17 00:16:57 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\2573922_RipIt4Me
    [2011/07/17 00:21:04 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\2825552_RipIt4Me
    [2011/05/27 01:24:40 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Asterisks Password Viewer
    [2011/02/14 12:10:32 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\AVG10
    [2010/12/04 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Barnes & Noble
    [2012/07/27 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\BitTorrent
    [2012/06/23 17:17:02 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Camfrog
    [2011/09/07 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/12/05 22:43:50 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    [2012/05/26 21:58:04 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\DAEMON Tools Pro
    [2011/11/15 16:08:55 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Liteon
    [2012/05/24 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Millennia
    [2011/05/27 01:27:32 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Modiac
    [2012/05/26 21:53:10 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\OpenCandy
    [2012/07/15 11:13:15 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\SoftGrid Client
    [2011/07/24 18:55:28 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\TomTom
    [2010/12/18 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\TP
    [2012/03/19 22:35:13 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\WeatherBug
    [2010/12/09 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Windows Live Writer
    [2012/06/03 21:15:42 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011/05/10 06:38:53 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\孈΋
    [2011/05/10 06:38:53 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\孈΋

    < End of report >
  20. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Mr X\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Mr X\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Mr X\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011/04/12 17:04:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/04/12 17:04:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/25 19:54:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 22:34:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 21:48:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/25 19:54:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 22:34:31 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 21:48:53 | 000,000,000 | ---D | M]

    [2011/07/24 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Extensions
    [2011/07/24 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/07/25 15:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions
    [2012/07/15 11:21:57 | 000,000,000 | ---D | M] (CompTool0234 Community Toolbar) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
    [2012/05/18 16:18:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/07/17 17:25:45 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2011/05/27 01:27:32 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\extensions\plugin@yontoo.com
    [2010/12/15 21:43:56 | 000,001,820 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\bing.xml
    [2011/09/07 15:29:12 | 000,000,925 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\conduit.xml
    [2011/09/15 16:38:36 | 000,001,257 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\tvragecom.xml
    [2012/06/01 22:37:52 | 000,002,474 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\Web Search.xml
    [2012/03/10 17:31:42 | 000,001,673 | ---- | M] () -- C:\Users\Mr X\AppData\Roaming\Mozilla\Firefox\Profiles\pfk01lez.default\searchplugins\web-search.xml
    [2012/05/01 21:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/01 21:46:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/18 22:34:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/25 16:18:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/01/01 22:54:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/01 22:54:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.a...n&SelfSearch=1&SearchSource=49&ctid=CT2559647
    CHR - default_search_provider: suggest_url = http://search.conduit.com/
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: NDS PCShow Plugin (Enabled) = C:\Users\Mr X\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
    CHR - plugin: PCShow Player Plugin (Enabled) = C:\Users\Mr X\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1\
    CHR - Extension: BitTorrentBar = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
    CHR - Extension: Gmail = C:\Users\Mr X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/30 08:19:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O3 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup File not found
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
    O4 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000..\Run: [PCShowServer] C:\Users\Mr X\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
    O4 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 192.168.5.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08094233-7614-41EF-B4A0-751AA90CF451}: DhcpNameServer = 192.168.5.1 192.168.5.1
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/30 18:49:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Mr X\Desktop\OTL.exe
    [2012/07/30 17:48:39 | 000,000,000 | ---D | C] -- C:\Users\Mr X\Desktop\RK_Quarantine
    [2012/07/30 17:46:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Mr X\Desktop\aswMBR.exe
    [2012/07/30 08:19:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/30 08:05:45 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/29 22:19:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/29 21:03:56 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/29 20:16:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/29 20:16:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/29 20:16:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/29 20:16:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/29 20:15:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/29 20:13:58 | 004,722,436 | R--- | C] (Swearware) -- C:\Users\Mr X\Desktop\ComboFix.exe
    [2012/07/27 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFAF400090747004EA24F4F147CE7
    [2012/07/27 12:20:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/24 08:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mr X\Desktop\TDSSKiller.exe
    [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 18:50:55 | 000,000,154 | ---- | M] () -- C:\Users\Mr X\Desktop\[Active] - Need help removing Sirefef, Windows (7) 64 bit shuts down in less than 1 min Page 3 - TechSpot Forums.URL
    [2012/07/30 18:49:31 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mr X\Desktop\OTL.exe
    [2012/07/30 18:46:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/30 18:35:53 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 18:35:53 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 18:26:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/30 18:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 18:25:27 | 2960,519,168 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 18:06:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/30 17:46:27 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mr X\Desktop\aswMBR.exe
    [2012/07/30 17:44:50 | 001,552,384 | ---- | M] () -- C:\Users\Mr X\Desktop\RogueKiller.exe
    [2012/07/30 14:53:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/30 14:50:27 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/30 14:50:27 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/30 08:19:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/30 08:04:43 | 004,722,436 | R--- | M] (Swearware) -- C:\Users\Mr X\Desktop\ComboFix.exe
    [2012/07/29 20:38:34 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/28 11:12:09 | 000,015,360 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
    [2012/07/27 23:30:01 | 000,797,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/27 12:26:55 | 000,002,048 | ---- | M] () -- C:\Users\Mr X\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/24 08:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mr X\Desktop\TDSSKiller.exe
    [2012/07/21 00:40:24 | 000,000,508 | ---- | M] () -- C:\Users\Mr X\Desktop\Calorie Count New Recipe.website
    [2012/07/11 18:02:55 | 000,273,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/30 18:50:55 | 000,000,154 | ---- | C] () -- C:\Users\Mr X\Desktop\[Active] - Need help removing Sirefef, Windows (7) 64 bit shuts down in less than 1 min Page 3 - TechSpot Forums.URL
    [2012/07/30 17:45:26 | 001,552,384 | ---- | C] () -- C:\Users\Mr X\Desktop\RogueKiller.exe
    [2012/07/29 20:16:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/29 20:16:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/29 20:16:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/29 20:16:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/29 20:16:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/27 13:15:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/15 17:11:50 | 000,000,508 | ---- | C] () -- C:\Users\Mr X\Desktop\Calorie Count New Recipe.website
    [2012/04/17 16:35:14 | 000,001,470 | ---- | C] () -- C:\Users\Mr X\.recently-used.xbel
    [2012/03/29 20:29:29 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
    [2012/03/01 15:17:19 | 000,007,597 | ---- | C] () -- C:\Users\Mr X\AppData\Local\Resmon.ResmonCfg
    [2011/12/01 20:42:28 | 000,000,173 | ---- | C] () -- C:\Windows\Readiris.ini
    [2011/08/25 17:26:32 | 000,008,192 | ---- | C] () -- C:\Users\Mr X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/25 19:41:40 | 000,167,807 | ---- | C] () -- C:\Windows\hpoins37.dat
    [2010/12/26 19:56:33 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
    [2010/12/18 16:37:29 | 000,797,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/05 13:21:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/09/18 10:58:11 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2010/09/18 10:55:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/09/18 10:55:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/09/18 10:55:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/09/18 10:55:18 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2010/09/18 10:55:18 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/09/18 10:54:52 | 000,001,605 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2009/07/13 23:57:08 | 000,001,330 | ---- | C] () -- C:\Users\Mr X\Sidebar.lnk

    ========== LOP Check ==========

    [2011/07/16 23:58:53 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\1470652_RipIt4Me
    [2011/07/16 23:59:40 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\1503381_RipIt4Me
    [2011/07/17 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\2411947_RipIt4Me
    [2011/07/17 00:16:57 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\2573922_RipIt4Me
    [2011/07/17 00:21:04 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\2825552_RipIt4Me
    [2011/05/27 01:24:40 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Asterisks Password Viewer
    [2011/02/14 12:10:32 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\AVG10
    [2010/12/04 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Barnes & Noble
    [2012/07/27 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\BitTorrent
    [2012/06/23 17:17:02 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Camfrog
    [2011/09/07 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/12/05 22:43:50 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    [2012/05/26 21:58:04 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\DAEMON Tools Pro
    [2011/11/15 16:08:55 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Liteon
    [2012/05/24 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Millennia
    [2011/05/27 01:27:32 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Modiac
    [2012/05/26 21:53:10 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\OpenCandy
    [2012/07/15 11:13:15 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\SoftGrid Client
    [2011/07/24 18:55:28 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\TomTom
    [2010/12/18 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\TP
    [2012/03/19 22:35:13 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\WeatherBug
    [2010/12/09 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Mr X\AppData\Roaming\Windows Live Writer
    [2012/06/03 21:15:42 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011/05/10 06:38:53 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\孈΋
    [2011/05/10 06:38:53 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\孈΋

    < End of report >
  21. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    OTL Extras logfile created on: 7/30/2012 6:52:01 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mr X\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.68 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 65.00% Memory free
    7.35 Gb Paging File | 5.93 Gb Available in Paging File | 80.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.32 Gb Total Space | 26.72 Gb Free Space | 9.40% Space Free | Partition Type: NTFS

    Computer Name: MRX-PC | User Name: Mr X | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{75E58E3F-8C7F-4B3B-8113-843096917D54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{821476CD-DF31-49B6-A5C4-DE7892C48654}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E6DB923F-48C2-4D1A-A896-D9D6A7C63BA0}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{E77A3C58-645D-49A4-8422-F1A3CA3B746B}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}" = StuffIt 2010
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
    "{CD9EFED4-DD77-4E9C-92D4-2F77D3F46B8A}" = AVG 2011
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "AVG" = AVG 2011
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{1136E893-E35B-4414-84D0-B4474A07A1E6}_is1" = FrontierVilleBot ver. 1.1beta
    "{11745B8A-E942-4674-B729-39110F5962AA}_is1" = FarmVilleBot 2.2.3.7
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3AC26580-A695-4134-84AE-5121B3AAE545}" = Readiris Pro 12
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4473A7CA-4C21-4D16-A793-636E15B7520E}" = Home Budget
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
    "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
    "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AC7EDC76-DE45-4BC3-BC4F-3273F0836464}_is1" = CityVilleBot
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
    "{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3AB5277-869F-4CD6-8397-6E7A0B448A28}" = Marketsplash Print Software
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090722
    "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
    "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
    "Acer Game Console" = Acer Game Console
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "BCWipe" = BCWipe 5.0
    "BitTorrent" = BitTorrent
    "BitTorrentBar Toolbar" = BitTorrentBar Toolbar
    "BN_DesktopReader" = Barnes & Noble Desktop Reader
    "Camfrog 6.2" = Camfrog Video Chat 6.2
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "CouponBar5.0.0.5" = CouponBar
    "DAEMON Tools Pro" = DAEMON Tools Pro
    "DivX Setup.divx.com" = DivX Setup
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab 8 Qt_is1" = DVDFab 8.1.0.5 (04/07/2011) Qt
    "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
    "Gamers Unite! Snag Bar" = Gamers Unite! Snag Bar
    "Google Chrome" = Google Chrome
    "iCare Data Recovery_is1" = iCare Data Recovery 4.0
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "iSkysoft iMedia Converter_is1" = iSkysoft iMedia Converter(Build 3.0.3.0)
    "Legacy 7.5" = Legacy 7.5
    "LManager" = Launch Manager
    "Modiac Blu-ray Ripper" = Modiac Blu-ray Ripper
    "Modiac DVD Ripper" = Modiac DVD Ripper
    "Modiac Video Converter" = Modiac Video Converter
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Torrent Harvester" = Torrent Harvester
    "TVTrigger" = TVTrigger
    "VLC media player" = VLC media player 2.0.1
    "WildTangent acer Master Uninstall" = Acer Games
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.1.1
    "WT088295" = Agatha Christie - Death on the Nile
    "WT088300" = Bejeweled 2 Deluxe
    "WT088310" = Build-a-lot 2
    "WT088312" = Chuzzle Deluxe
    "WT088318" = Diner Dash 2 Restaurant Rescue
    "WT088350" = Jewel Quest Solitaire 2
    "WT088364" = Plants vs. Zombies
    "WT088373" = Blackhawk Striker 2
    "WT088393" = Dora's Carnival Adventure
    "WT088413" = FATE
    "WT088445" = John Deere Drive Green
    "WT088449" = Penguins!
    "WT088453" = Polar Bowler
    "WT088457" = Polar Golfer
    "WT088517" = Zuma's Revenge
    "WT088553" = Virtual Villagers 4 - The Tree of Life
    "WT088649" = 18 Wheels of Steel - American Long Haul
    "WT088653" = Jewel Quest - Heritage
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/27/2012 11:22:52 PM | Computer Name = MrX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ePowerTray.exe, version: 5.0.3004.0, time
    stamp: 0x4bd103b5 Faulting module name: ePowerTray.exe, version: 5.0.3004.0, time
    stamp: 0x4bd103b5 Exception code: 0xc0000005 Fault offset: 0x0000000000001e99 Faulting
    process id: 0xa94 Faulting application start time: 0x01cd6c7025b56075 Faulting application
    path: C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe Faulting module
    path: C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe Report Id: 831e23dc-d863-11e1-bb15-206a8a182a99

    Error - 7/27/2012 11:25:26 PM | Computer Name = MrX-PC | Source = Microsoft-Windows-EFS | ID = 4376
    Description = EFS Service failed to start. Error code: 0x800706be.

    Error - 7/27/2012 11:25:38 PM | Computer Name = MrX-PC | Source = Application Virtualization Client | ID = 2005
    Description = The Application Virtualization Core Service could not contact the
    Service Control Dispatcher.

    Error - 7/27/2012 11:28:31 PM | Computer Name = MrX-PC | Source = Microsoft-Windows-EFS | ID = 4376
    Description = EFS Service failed to start. Error code: 0x800706be.

    Error - 7/27/2012 11:37:37 PM | Computer Name = MrX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AVGIDSAgent.exe, version: 10.0.0.367, time
    stamp: 0x4d2646a8 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0xba764df0 Faulting process id: 0x11a0 Faulting application
    start time: 0x01cd6c72310cb8f0 Faulting application path: C:\Program Files (x86)\AVG\AVG10\Identity
    Protection\Agent\Bin\AVGIDSAgent.exe Faulting module path: unknown Report Id: 931cd60d-d865-11e1-be75-206a8a182a99

    Error - 7/27/2012 11:47:02 PM | Computer Name = MrX-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 7/28/2012 12:01:48 AM | Computer Name = MrX-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 7/28/2012 12:04:56 AM | Computer Name = MrX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AVGIDSAgent.exe, version: 10.0.0.367, time
    stamp: 0x4d2646a8 Faulting module name: SHELL32.dll, version: 6.1.7600.17038, time
    stamp: 0x4fd2d370 Exception code: 0xc000001d Fault offset: 0x007c88b3 Faulting process
    id: 0x1348 Faulting application start time: 0x01cd6c760a893d6d Faulting application
    path: C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    Faulting
    module path: C:\Windows\syswow64\SHELL32.dll Report Id: 63f88ba4-d869-11e1-95c9-206a8a182a99

    Error - 7/28/2012 12:04:56 AM | Computer Name = MrX-PC | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program AVG IDS application because of this error. Program: AVG IDS application
    File:
    The error value is listed in the Additional Data section. User Action 1. Open the
    file again. This situation might be a temporary problem that corrects itself when
    the program runs again. 2. If the file still cannot be accessed and - It is on the
    network, your network administrator should verify that there is not a problem with
    the network and that the server can be contacted. - It is on a removable disk, for
    example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
    computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
    click Start, click Run, type CMD, and then click OK. At the command prompt, type
    CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
    a backup copy. 5. Determine whether other files on the same disk can be opened.
    If not, the disk might be damaged. If it is a hard disk, contact your administrator
    or computer hardware vendor for further assistance. Additional Data Error value: 00000000
    Disk
    type: 0

    Error - 7/28/2012 12:14:13 AM | Computer Name = MrX-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 7/28/2012 12:25:52 AM | Computer Name = MrX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AVGIDSAgent.exe, version: 10.0.0.367, time
    stamp: 0x4d2646a8 Faulting module name: MSVCP90.dll, version: 9.0.30729.6161, time
    stamp: 0x4dace5bd Exception code: 0xc0000005 Fault offset: 0x00007f00 Faulting process
    id: 0x114c Faulting application start time: 0x01cd6c78e8a4102f Faulting application
    path: C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    Faulting
    module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
    Report
    Id: 5020f869-d86c-11e1-90e1-206a8a182a99

    [ Media Center Events ]
    Error - 2/20/2011 8:00:30 PM | Computer Name = MrX-PC | Source = MCUpdate | ID = 0
    Description = 6:00:08 PM - Error connecting to the internet. 6:00:08 PM - Unable
    to contact server..

    [ System Events ]
    Error - 7/30/2012 7:02:51 PM | Computer Name = MrX-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:59:41 PM on 7/30/2012 was unexpected.

    Error - 7/30/2012 7:02:59 PM | Computer Name = MrX-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
    Error
    Code: 126

    Error - 7/30/2012 7:04:27 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/30/2012 7:06:03 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Avgfwfd

    Error - 7/30/2012 7:25:45 PM | Computer Name = MrX-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:07:31 PM on 7/30/2012 was unexpected.

    Error - 7/30/2012 7:25:53 PM | Computer Name = MrX-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
    Error
    Code: 126

    Error - 7/30/2012 7:26:49 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the HP
    LaserJet Service service to connect.

    Error - 7/30/2012 7:26:49 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7000
    Description = The HP LaserJet Service service failed to start due to the following
    error: %%1053

    Error - 7/30/2012 7:27:29 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/30/2012 7:28:48 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Avgfwfd


    < End of report >
  22. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    OTL Extras logfile created on: 7/30/2012 6:52:01 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mr X\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.68 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 65.00% Memory free
    7.35 Gb Paging File | 5.93 Gb Available in Paging File | 80.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.32 Gb Total Space | 26.72 Gb Free Space | 9.40% Space Free | Partition Type: NTFS

    Computer Name: MRX-PC | User Name: Mr X | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{75E58E3F-8C7F-4B3B-8113-843096917D54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{821476CD-DF31-49B6-A5C4-DE7892C48654}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E6DB923F-48C2-4D1A-A896-D9D6A7C63BA0}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{E77A3C58-645D-49A4-8422-F1A3CA3B746B}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}" = StuffIt 2010
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
    "{CD9EFED4-DD77-4E9C-92D4-2F77D3F46B8A}" = AVG 2011
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "AVG" = AVG 2011
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{1136E893-E35B-4414-84D0-B4474A07A1E6}_is1" = FrontierVilleBot ver. 1.1beta
    "{11745B8A-E942-4674-B729-39110F5962AA}_is1" = FarmVilleBot 2.2.3.7
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3AC26580-A695-4134-84AE-5121B3AAE545}" = Readiris Pro 12
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4473A7CA-4C21-4D16-A793-636E15B7520E}" = Home Budget
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
    "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
    "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AC7EDC76-DE45-4BC3-BC4F-3273F0836464}_is1" = CityVilleBot
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
    "{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3AB5277-869F-4CD6-8397-6E7A0B448A28}" = Marketsplash Print Software
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090722
    "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
    "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
    "Acer Game Console" = Acer Game Console
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "BCWipe" = BCWipe 5.0
    "BitTorrent" = BitTorrent
    "BitTorrentBar Toolbar" = BitTorrentBar Toolbar
    "BN_DesktopReader" = Barnes & Noble Desktop Reader
    "Camfrog 6.2" = Camfrog Video Chat 6.2
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "CouponBar5.0.0.5" = CouponBar
    "DAEMON Tools Pro" = DAEMON Tools Pro
    "DivX Setup.divx.com" = DivX Setup
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab 8 Qt_is1" = DVDFab 8.1.0.5 (04/07/2011) Qt
    "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
    "Gamers Unite! Snag Bar" = Gamers Unite! Snag Bar
    "Google Chrome" = Google Chrome
    "iCare Data Recovery_is1" = iCare Data Recovery 4.0
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "iSkysoft iMedia Converter_is1" = iSkysoft iMedia Converter(Build 3.0.3.0)
    "Legacy 7.5" = Legacy 7.5
    "LManager" = Launch Manager
    "Modiac Blu-ray Ripper" = Modiac Blu-ray Ripper
    "Modiac DVD Ripper" = Modiac DVD Ripper
    "Modiac Video Converter" = Modiac Video Converter
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Torrent Harvester" = Torrent Harvester
    "TVTrigger" = TVTrigger
    "VLC media player" = VLC media player 2.0.1
    "WildTangent acer Master Uninstall" = Acer Games
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.1.1
    "WT088295" = Agatha Christie - Death on the Nile
    "WT088300" = Bejeweled 2 Deluxe
    "WT088310" = Build-a-lot 2
    "WT088312" = Chuzzle Deluxe
    "WT088318" = Diner Dash 2 Restaurant Rescue
    "WT088350" = Jewel Quest Solitaire 2
    "WT088364" = Plants vs. Zombies
    "WT088373" = Blackhawk Striker 2
    "WT088393" = Dora's Carnival Adventure
    "WT088413" = FATE
    "WT088445" = John Deere Drive Green
    "WT088449" = Penguins!
    "WT088453" = Polar Bowler
    "WT088457" = Polar Golfer
    "WT088517" = Zuma's Revenge
    "WT088553" = Virtual Villagers 4 - The Tree of Life
    "WT088649" = 18 Wheels of Steel - American Long Haul
    "WT088653" = Jewel Quest - Heritage
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-883996547-2889226150-1078755804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/27/2012 11:22:52 PM | Computer Name = MrX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ePowerTray.exe, version: 5.0.3004.0, time
    stamp: 0x4bd103b5 Faulting module name: ePowerTray.exe, version: 5.0.3004.0, time
    stamp: 0x4bd103b5 Exception code: 0xc0000005 Fault offset: 0x0000000000001e99 Faulting
    process id: 0xa94 Faulting application start time: 0x01cd6c7025b56075 Faulting application
    path: C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe Faulting module
    path: C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe Report Id: 831e23dc-d863-11e1-bb15-206a8a182a99

    Error - 7/27/2012 11:25:26 PM | Computer Name = MrX-PC | Source = Microsoft-Windows-EFS | ID = 4376
    Description = EFS Service failed to start. Error code: 0x800706be.

    Error - 7/27/2012 11:25:38 PM | Computer Name = MrX-PC | Source = Application Virtualization Client | ID = 2005
    Description = The Application Virtualization Core Service could not contact the
    Service Control Dispatcher.

    Error - 7/27/2012 11:28:31 PM | Computer Name = MrX-PC | Source = Microsoft-Windows-EFS | ID = 4376
    Description = EFS Service failed to start. Error code: 0x800706be.

    Error - 7/27/2012 11:37:37 PM | Computer Name = MrX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AVGIDSAgent.exe, version: 10.0.0.367, time
    stamp: 0x4d2646a8 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0xba764df0 Faulting process id: 0x11a0 Faulting application
    start time: 0x01cd6c72310cb8f0 Faulting application path: C:\Program Files (x86)\AVG\AVG10\Identity
    Protection\Agent\Bin\AVGIDSAgent.exe Faulting module path: unknown Report Id: 931cd60d-d865-11e1-be75-206a8a182a99

    Error - 7/27/2012 11:47:02 PM | Computer Name = MrX-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 7/28/2012 12:01:48 AM | Computer Name = MrX-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 7/28/2012 12:04:56 AM | Computer Name = MrX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AVGIDSAgent.exe, version: 10.0.0.367, time
    stamp: 0x4d2646a8 Faulting module name: SHELL32.dll, version: 6.1.7600.17038, time
    stamp: 0x4fd2d370 Exception code: 0xc000001d Fault offset: 0x007c88b3 Faulting process
    id: 0x1348 Faulting application start time: 0x01cd6c760a893d6d Faulting application
    path: C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    Faulting
    module path: C:\Windows\syswow64\SHELL32.dll Report Id: 63f88ba4-d869-11e1-95c9-206a8a182a99

    Error - 7/28/2012 12:04:56 AM | Computer Name = MrX-PC | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program AVG IDS application because of this error. Program: AVG IDS application
    File:
    The error value is listed in the Additional Data section. User Action 1. Open the
    file again. This situation might be a temporary problem that corrects itself when
    the program runs again. 2. If the file still cannot be accessed and - It is on the
    network, your network administrator should verify that there is not a problem with
    the network and that the server can be contacted. - It is on a removable disk, for
    example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
    computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
    click Start, click Run, type CMD, and then click OK. At the command prompt, type
    CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
    a backup copy. 5. Determine whether other files on the same disk can be opened.
    If not, the disk might be damaged. If it is a hard disk, contact your administrator
    or computer hardware vendor for further assistance. Additional Data Error value: 00000000
    Disk
    type: 0

    Error - 7/28/2012 12:14:13 AM | Computer Name = MrX-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    Error - 7/28/2012 12:25:52 AM | Computer Name = MrX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AVGIDSAgent.exe, version: 10.0.0.367, time
    stamp: 0x4d2646a8 Faulting module name: MSVCP90.dll, version: 9.0.30729.6161, time
    stamp: 0x4dace5bd Exception code: 0xc0000005 Fault offset: 0x00007f00 Faulting process
    id: 0x114c Faulting application start time: 0x01cd6c78e8a4102f Faulting application
    path: C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    Faulting
    module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
    Report
    Id: 5020f869-d86c-11e1-90e1-206a8a182a99

    [ Media Center Events ]
    Error - 2/20/2011 8:00:30 PM | Computer Name = MrX-PC | Source = MCUpdate | ID = 0
    Description = 6:00:08 PM - Error connecting to the internet. 6:00:08 PM - Unable
    to contact server..

    [ System Events ]
    Error - 7/30/2012 7:02:51 PM | Computer Name = MrX-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:59:41 PM on ?7/?30/?2012 was unexpected.

    Error - 7/30/2012 7:02:59 PM | Computer Name = MrX-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
    Error
    Code: 126

    Error - 7/30/2012 7:04:27 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/30/2012 7:06:03 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Avgfwfd

    Error - 7/30/2012 7:25:45 PM | Computer Name = MrX-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:07:31 PM on ?7/?30/?2012 was unexpected.

    Error - 7/30/2012 7:25:53 PM | Computer Name = MrX-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
    Error
    Code: 126

    Error - 7/30/2012 7:26:49 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the HP
    LaserJet Service service to connect.

    Error - 7/30/2012 7:26:49 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7000
    Description = The HP LaserJet Service service failed to start due to the following
    error: %%1053

    Error - 7/30/2012 7:27:29 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/30/2012 7:28:48 PM | Computer Name = MrX-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Avgfwfd


    < End of report >
  23. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    I can't proceed because you didn't answer my question:
    [IMG]
  24. mrx64

    mrx64 Newcomer, in training Topic Starter Posts: 51

    The PC is not rebooting as it was before... other than Windows freezing and seeming slow
  25. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    1. I can see some AVG leftovers.
    Please run AVG Remover to get rid of them: http://www.avg.com/us-en/utilities

    2. Reinstall MSE.

    3. Re-run OTL and post new log. Only one log will be produced.

