TechSpot

Sirefef Infection Of: Desktop.ini, Services.exe

Solved
By ATedin
Jul 1, 2012
  1. With my Nod32 running, I've picked up a virus called Sirefef, as many people seem to have gotten recently. Nod32 is constantly warning me about trojans being blocked, as well as Services.exe and Desktop.ini being infected. Because of this, I feel as if Nod32 is the only thing keeping my computer and information from being exploited. I made this separate thread as I assume that every person's results will vary.

    I ran a scan in Advanced SystemCare Full. I believe it has removed any malware that the infection is spreading, but the source still exists and is constantly attempting to spread infection.

    I am currently scanning in NOD32 at 63%.
    I am scanning in MalwareBytes at the same time, which is probably not a good idea; it has been running for 2 hours.
    I've downloaded OTL and have not run it yet. I will await instruction on if and when to use it.

    My main concern is whether I should wait for scanning to complete before further instruction, or take immediate action that involves stopping the scanning process or my antivirus protection. Thank you for any potential resolution.
     
  2. ATedin

    I cannot seem to find the "Edit Post" button, but I wanted to add this:

    I am running Windows 7 Home Premium x64
    AMD Phenom II x4 925 Processor
    NVIDIA GTX 580 3GB
    4GB RAM

    The source of the infection seems to attempt to spread 2 trojans every 5 minutes. They are:
    Win64/Agent.BA Trojan Called "00000008.@"
    Win64/Sirefef.AE Trojan Called "80000000.@"
    They are located in some folders within Windows\Installer, all detected so far have been automatically quarantined by NOD32 Antivirus.
     
  3. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  4. ATedin

    Contents of the log file are as follows:


    Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
    Ran by SYSTEM at 01-07-2012 19:05:21
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11855976 2011-05-31] (Realtek Semiconductor)
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
    HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-27] (Yuna Software)
    HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [ProcessTamer] C:\Program Files (x86)\ProcessTamer\ProcessTamerTray.exe [163840 2009-03-27] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [119808 2012-06-19] (Yuna Software)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /S=7 [192816 2011-10-27] (Blabbers Communications LTD)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1104440 2012-06-25] ()
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKU\Arrow\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-03-09] (Valve Corporation)
    HKU\Arrow\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
    HKU\Arrow\...\Run: [AdobeBridge] [x]
    HKU\Arrow\...\Run: [puush] C:\Program Files (x86)\puush\puush.exe [565480 2012-04-16] ()
    HKU\Arrow\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
    HKU\Arrow\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Arrow\...\Run: [Facebook Update] "C:\Users\Arrow\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-03-08] (Facebook Inc.)
    HKU\Arrow\...\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [514048 2010-12-15] ()
    HKU\Arrow\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AML Device Install.lnk
    ShortcutTarget: AML Device Install.lnk -> C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Arrow\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
    ShortcutTarget: Creative Element Power Tools Startup.lnk -> C:\Program Files (x86)\Creative Element Power Tools\Startup.exe (Creative Element)
    Startup: C:\Users\Arrow\Start Menu\Programs\Startup\XWindows Dock.lnk
    ShortcutTarget: XWindows Dock.lnk -> C:\Program Files (x86)\XWindows Dock\XWD.exe (Lichonos Vladimir)

    ==================== Services (Whitelisted) ======

    2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
    2 CISVC; C:\Windows\System32\CISVC.EXE [19456 2009-07-13] (Microsoft Corporation)
    3 Desura Install Service; C:\Program Files (x86)\Common Files\Desura\desura_service.exe [131912 2011-11-16] (Desura Pty Ltd)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-07] (ESET)
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
    2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [820568 2011-10-08] (IObit)
    2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-06] (Logitech Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 mi-raysat_3dsmax2012_32; "C:\Program Files (x86)\Autodesk\32\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe" [86016 2011-02-23] ()
    2 mi-raysat_3dsmax2012_64; "C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe" [86016 2011-02-22] ()
    2 mi-raysat_3dsmax2013_64; "C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe" [86016 2011-09-14] ()
    2 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [119808 2012-06-19] (Yuna Software)
    2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [43028328 2011-09-22] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
    4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-03] ()
    4 SQLAgent$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [370024 2011-09-22] (Microsoft Corporation)
    2 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-25] ()

    ========================== Drivers (Whitelisted) =============

    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2012-06-08] (DT Soft Ltd)
    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-14] (ESET)
    3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [58112 2007-05-15] (Eugene V. Muzychenko)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
    3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam_x64.sys [27136 2008-03-12] (ManyCam LLC.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
    3 ScreamBAudioSvc; C:\Windows\System32\drivers\ScreamingBAudio64.sys [38992 2010-07-01] (Screaming Bee LLC)
    0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
    3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    4 AMD FUEL Service; [x]
    2 AODDriver4.01; [x]
    2 AODDriver4.1; [x]
    3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]
    3 MSICDSetup; \??\D:\CDriver64.sys [x]
    3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [x]
    3 X6va006; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-01 19:04 - 2012-07-01 19:05 - 00000000 ____D C:\FRST
    2012-07-01 15:11 - 2012-07-01 15:11 - 00000056 ____A C:\Windows\setupact.log
    2012-07-01 15:11 - 2012-07-01 15:11 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-01 12:18 - 2012-07-01 12:18 - 00000294 ____A C:\Windows\PFRO.log
    2012-07-01 12:11 - 2012-07-01 12:42 - 00000000 ____D C:\Users\Arrow\Desktop\Virus Software For June 2012
    2012-07-01 08:54 - 2012-07-01 08:54 - 00595968 ____A (OldTimer Tools) C:\Users\Arrow\Desktop\OTL.exe
    2012-07-01 08:45 - 2012-07-01 08:45 - 00000000 ____D C:\553097c4c6b2a41554125ab234e0
    2012-07-01 08:29 - 2012-07-01 08:29 - 00711240 ____A C:\Windows\isRS-000.tmp
    2012-07-01 08:29 - 2012-07-01 08:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-01 08:28 - 2012-07-01 08:28 - 00000000 ___SD C:\ComboFix
    2012-07-01 08:22 - 2012-07-01 08:22 - 00000000 ____D C:\Windows\erdnt
    2012-07-01 08:22 - 2012-07-01 08:22 - 00000000 ____D C:\Qoobox
    2012-07-01 08:21 - 2012-07-01 08:22 - 00000000 ____D C:\Users\Arrow\AppData\Roaming\GetRightToGo
    2012-07-01 08:00 - 2012-07-01 08:00 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-01 07:57 - 2012-07-01 07:57 - 00000000 ____A C:\Users\Arrow\dir
    2012-07-01 07:47 - 2010-11-09 15:19 - 00327777 ____A C:\Users\Arrow\Downloads\parachute.wad
    2012-07-01 07:39 - 2012-07-01 07:39 - 00000000 ____D C:\Users\Arrow\AppData\Roaming\New Technology Studio
    2012-07-01 07:38 - 2012-07-01 07:39 - 00882688 ____A (New Technology Studio) C:\Users\Arrow\Downloads\ovisetup.exe
    2012-07-01 07:35 - 2012-07-01 07:37 - 82688000 ____A C:\Users\Arrow\Downloads\anim.img
    2012-06-27 22:12 - 2012-06-27 22:12 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-06-26 19:48 - 2012-06-26 20:12 - 00000000 ____D C:\Users\Arrow\Downloads\Fallout.New.Vegas.Update.7-SKIDROW
    2012-06-25 20:03 - 2012-06-25 20:03 - 00001250 ____A C:\Users\Arrow\Desktop\Bethesda Softworks.lnk
    2012-06-25 13:06 - 2012-06-25 13:15 - 00000000 ____D C:\Users\Arrow\AppData\Local\FalloutNV
    2012-06-25 09:27 - 2012-06-25 12:08 - 00000000 ____D C:\Users\Arrow\Downloads\Fallout.New.Vegas-SKIDROW
    2012-06-25 09:25 - 2012-06-25 09:25 - 00001007 ____A C:\Users\Public\Desktop\PowerISO.lnk
    2012-06-25 09:25 - 2012-06-25 09:25 - 00000000 ____D C:\Users\Arrow\AppData\Local\AVG Secure Search
    2012-06-25 09:24 - 2012-06-25 09:25 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-06-25 09:24 - 2012-06-25 09:25 - 00000000 ____D C:\Program Files (x86)\PowerISO
    2012-06-25 09:24 - 2012-06-25 09:25 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-06-25 09:24 - 2012-05-30 20:10 - 00126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
    2012-06-25 09:23 - 2012-06-25 09:24 - 07559656 ____A C:\Users\Arrow\Downloads\PowerISO5.exe
    2012-06-24 22:47 - 2012-06-24 22:47 - 00000000 ____D C:\Program Files\Debugging Tools for Windows (x64)
    2012-06-24 22:47 - 2012-06-24 22:47 - 00000000 ____D C:\Program Files\Application Verifier (x64)
    2012-06-24 22:47 - 2012-06-24 22:47 - 00000000 ____D C:\Program Files (x86)\Application Verifier
    2012-06-24 21:35 - 2012-06-24 21:36 - 00000000 ____D C:\Users\Arrow\AppData\Local\Fallout3
    2012-06-24 21:32 - 2012-06-24 21:33 - 54179488 ____A C:\Users\Arrow\Downloads\Fallout3_1.7_English_US.exe
    2012-06-24 21:27 - 2012-06-25 13:00 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
    2012-06-24 21:10 - 2012-06-24 21:10 - 00000000 ____D C:\Users\Arrow\AppData\Roaming\WinRAR
    2012-06-24 21:09 - 2012-06-24 21:09 - 27752090 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part83.rar
    2012-06-24 21:07 - 2012-06-24 21:10 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part82.rar
    2012-06-24 21:06 - 2012-06-24 21:08 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part81.rar
    2012-06-24 21:04 - 2012-06-24 21:07 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part80.rar
    2012-06-24 21:03 - 2012-06-24 21:06 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part79.rar
    2012-06-24 21:01 - 2012-06-24 21:04 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part78.rar
    2012-06-24 21:01 - 2012-06-24 21:03 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part77.rar
    2012-06-24 20:59 - 2012-06-24 21:00 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part76.rar
    2012-06-24 20:58 - 2012-06-24 21:01 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part75.rar
    2012-06-24 20:56 - 2012-06-24 20:58 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part74.rar
    2012-06-24 20:55 - 2012-06-24 20:58 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part73.rar
    2012-06-24 20:54 - 2012-06-24 20:56 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part72.rar
    2012-06-24 20:53 - 2012-06-24 20:55 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part71.rar
    2012-06-24 20:51 - 2012-06-24 20:53 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part70.rar
    2012-06-24 20:50 - 2012-06-24 20:52 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part69.rar
    2012-06-24 20:47 - 2012-06-24 20:51 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part68.rar
    2012-06-24 20:45 - 2012-06-24 20:49 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part67.rar
    2012-06-24 20:43 - 2012-06-24 20:46 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part66.rar
    2012-06-24 20:41 - 2012-06-24 20:45 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part65.rar
    2012-06-24 20:40 - 2012-06-24 20:43 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part64.rar
    2012-06-24 20:39 - 2012-06-24 20:41 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part63.rar
    2012-06-24 20:36 - 2012-06-24 20:39 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part62.rar
    2012-06-24 20:36 - 2012-06-24 20:38 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part61.rar
    2012-06-24 20:33 - 2012-06-24 20:35 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part60.rar
    2012-06-24 20:32 - 2012-06-24 20:36 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part59.rar
    2012-06-24 20:29 - 2012-06-24 20:32 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part58.rar
    2012-06-24 20:29 - 2012-06-24 20:31 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part57.rar
    2012-06-24 20:25 - 2012-06-24 20:28 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part56.rar
    2012-06-24 20:24 - 2012-06-24 20:28 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part55.rar
    2012-06-24 20:21 - 2012-06-24 20:24 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part54.rar
    2012-06-24 20:20 - 2012-06-24 20:24 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part53.rar
    2012-06-24 20:18 - 2012-06-24 20:20 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part52.rar
    2012-06-24 20:17 - 2012-06-24 20:20 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part51.rar
    2012-06-24 20:15 - 2012-06-24 20:17 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part50.rar
    2012-06-24 20:13 - 2012-06-24 20:17 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part49.rar
    2012-06-24 20:11 - 2012-06-24 20:15 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part48.rar
    2012-06-24 20:10 - 2012-06-24 20:13 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part47.rar
    2012-06-24 20:08 - 2012-06-24 20:11 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part46.rar
    2012-06-24 20:07 - 2012-06-24 20:10 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part45.rar
    2012-06-24 20:05 - 2012-06-24 20:08 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part44.rar
    2012-06-24 20:04 - 2012-06-24 20:07 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part43.rar
    2012-06-24 20:02 - 2012-06-24 20:05 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part42.rar
    2012-06-24 20:01 - 2012-06-24 20:04 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part41.rar
    2012-06-24 20:00 - 2012-06-24 20:01 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part40.rar
    2012-06-24 19:57 - 2012-06-24 20:01 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part39.rar
    2012-06-24 19:57 - 2012-06-24 19:59 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part38.rar
    2012-06-24 19:54 - 2012-06-24 19:57 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part37.rar
    2012-06-24 19:53 - 2012-06-24 19:56 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part36.rar
    2012-06-24 19:51 - 2012-06-24 19:53 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part35.rar
    2012-06-24 19:50 - 2012-06-24 19:53 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part34.rar
    2012-06-24 19:48 - 2012-06-24 19:51 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part32.rar
    2012-06-24 19:48 - 2012-06-24 19:50 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part33.rar
    2012-06-24 19:45 - 2012-06-24 19:47 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part31.rar
    2012-06-24 19:45 - 2012-06-24 19:47 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part30.rar
    2012-06-24 19:42 - 2012-06-24 19:45 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part28.rar
    2012-06-24 19:42 - 2012-06-24 19:44 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part29.rar
    2012-06-24 19:39 - 2012-06-24 19:42 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part27.rar
    2012-06-24 19:39 - 2012-06-24 19:42 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part26.rar
    2012-06-24 19:36 - 2012-06-24 19:39 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part25.rar
    2012-06-24 19:36 - 2012-06-24 19:39 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part24.rar
    2012-06-24 19:33 - 2012-06-24 19:35 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part23.rar
    2012-06-24 19:32 - 2012-06-24 19:35 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part22.rar
    2012-06-24 19:29 - 2012-06-24 19:32 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part21.rar
    2012-06-24 19:29 - 2012-06-24 19:32 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part20.rar
    2012-06-24 19:26 - 2012-06-24 19:29 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part19.rar
    2012-06-24 19:25 - 2012-06-24 19:29 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part18.rar
    2012-06-24 19:22 - 2012-06-24 19:25 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part17.rar
    2012-06-24 19:22 - 2012-06-24 19:25 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part16.rar
    2012-06-24 19:19 - 2012-06-24 19:22 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part15.rar
    2012-06-24 19:18 - 2012-06-24 19:22 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part14.rar
    2012-06-24 19:16 - 2012-06-24 19:18 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part13.rar
    2012-06-24 19:15 - 2012-06-24 19:18 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part12.rar
    2012-06-24 19:11 - 2012-06-24 19:15 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part11.rar
    2012-06-24 19:11 - 2012-06-24 19:15 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part10.rar
    2012-06-24 19:07 - 2012-06-24 19:10 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part09.rar
    2012-06-24 19:04 - 2012-06-24 19:07 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part08.rar
    2012-06-24 19:02 - 2012-06-24 19:04 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part07.rar
    2012-06-24 18:59 - 2012-06-24 19:10 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part06.rar
    2012-06-24 18:59 - 2012-06-24 19:01 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part05.rar
    2012-06-24 18:55 - 2012-06-24 18:59 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part04.rar
    2012-06-24 18:54 - 2012-06-24 18:58 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part03.rar
    2012-06-24 18:50 - 2012-06-24 18:54 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part02.rar
    2012-06-24 18:50 - 2012-06-24 18:54 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part01.rar
    2012-06-24 18:41 - 2012-06-24 18:41 - 00002037 ____A C:\Users\Arrow\Desktop\JDownloader.lnk
    2012-06-24 18:40 - 2012-06-24 18:46 - 00000000 ____D C:\Program Files (x86)\JDownloader
    2012-06-24 18:38 - 2012-06-24 18:38 - 00081488 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\Arrow\Downloads\WebInstaller.exe
    2012-06-23 21:44 - 2012-04-18 06:47 - 01816440 ____A (Wacom Technology, Corp.) C:\Windows\System32\WacomMT.dll
    2012-06-23 21:44 - 2012-04-18 06:47 - 01765240 ____A (Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.dll
    2012-06-23 21:44 - 2012-04-18 06:47 - 01758584 ____A (Wacom Technology, Corp.) C:\Windows\System32\Wacom_Touch_Tablet.dll
    2012-06-23 21:44 - 2012-04-18 06:47 - 01484152 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
    2012-06-23 21:44 - 2012-04-18 06:47 - 01450872 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
    2012-06-23 21:44 - 2012-04-18 06:47 - 01444216 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
    2012-06-22 22:55 - 2012-06-22 22:55 - 06997317 ____A C:\Users\Arrow\Downloads\rusty ruin_2.mp3
    2012-06-22 20:53 - 2012-06-27 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-22 20:53 - 2012-06-22 20:53 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-21 18:00 - 2012-06-21 18:01 - 07054336 ____A C:\Users\Arrow\Downloads\xnafx40_redist.msi
    2012-06-21 17:20 - 2012-06-21 17:20 - 00016620 ____A C:\Users\Arrow\Downloads\unins000.dat
    2012-06-21 17:19 - 2012-06-21 17:21 - 00931252 ____A C:\Users\Arrow\Downloads\unins000.exe
    2012-06-21 17:18 - 2012-06-21 17:20 - 00000000 ____D C:\Users\Arrow\Downloads\Data
    2012-06-21 17:17 - 2012-06-21 17:20 - 17395200 ____A (Bethesda Softworks) C:\Users\Arrow\Downloads\TESV.exe
    2012-06-20 21:29 - 2012-06-20 21:29 - 00000000 ____D C:\Users\Arrow\AppData\Roaming\Toribash
    2012-06-20 21:28 - 2012-06-20 21:28 - 00000773 ____A C:\Users\Arrow\Desktop\Toribash.lnk
    2012-06-20 21:13 - 2012-06-20 21:17 - 00000000 ____D C:\Users\Arrow\Documents\NekoFight
    2012-06-20 20:25 - 2012-06-20 20:25 - 00000368 ____A C:\Users\Arrow\Documents\YoutubeProtectionRemover.js
    2012-06-20 18:19 - 2012-06-20 18:19 - 00000000 ____D C:\Program Files (x86)\Valve
    2012-06-20 17:21 - 2012-06-20 17:21 - 00005062 ____A C:\Users\Arrow\Documents\Dragon_EnglishAlphabetical.txt
    2012-06-20 12:23 - 2012-06-20 12:23 - 01122224 ____A (Yuna Software) C:\Users\Arrow\Downloads\Setup-MsgPlus-511.exe
    2012-06-20 12:20 - 2012-06-20 12:20 - 00001641 ____A C:\Users\Arrow\Desktop\MSN Messenger.lnk
    2012-06-20 12:17 - 2012-06-20 12:17 - 00000000 ____D C:\Windows\PCHEALTH
    2012-06-20 12:17 - 2012-06-20 12:17 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
    2012-06-20 12:05 - 2012-06-20 12:05 - 00000020 ____A C:\Windows\0öÑ
    2012-06-20 11:40 - 2012-06-20 11:40 - 00000000 ____D C:\Users\Arrow\AppData\Local\{E929EF71-793E-4320-A827-C06E167F1780}
    2012-06-20 11:39 - 2012-06-20 11:40 - 00000000 ____D C:\Users\Arrow\AppData\Local\{5B878C59-B743-428F-8510-295F782D5D48}
    2012-06-19 21:59 - 2012-06-19 21:59 - 00000000 ____D C:\Users\Arrow\AppData\Local\Macromedia
    2012-06-19 20:15 - 2012-06-19 20:15 - 00028892 ____A C:\Users\Arrow\.recently-used.xbel
    2012-06-19 19:00 - 2012-06-19 19:00 - 00000000 ____D C:\Users\Arrow\AppData\Local\{173E8505-4827-4A45-BA25-F45AB0EA6478}
    2012-06-19 18:59 - 2012-06-19 19:00 - 00000000 ____D C:\Users\Arrow\AppData\Local\{0859876B-1297-431F-A69B-A8A087C88C5E}
    2012-06-19 11:26 - 2012-07-01 15:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-18 21:41 - 2012-06-18 21:41 - 00000562 ____A C:\Users\Arrow\Desktop\Fraps.lnk
    2012-06-18 19:39 - 2012-06-18 19:39 - 00001403 ____A C:\Users\Arrow\Desktop\Microsoft Visual Basic 2008 Express Edition.lnk
    2012-06-18 10:22 - 2012-06-18 10:24 - 00001896 ____A C:\Users\Arrow\Desktop\devenv.exe - Shortcut.lnk
    2012-06-18 09:50 - 2012-06-18 09:50 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
    2012-06-18 09:49 - 2012-06-18 09:49 - 00000000 ____D C:\Users\All Users\PreEmptive Solutions
    2012-06-18 09:45 - 2012-06-18 09:45 - 00000000 ____D C:\Program Files\IIS
    2012-06-18 09:45 - 2012-06-18 09:45 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
    2012-06-18 09:45 - 2012-06-18 09:45 - 00000000 ____D C:\Program Files (x86)\IIS
    2012-06-18 09:37 - 2012-06-18 09:40 - 00000000 ____D C:\Program Files (x86)\Microsoft F#
    2012-06-18 09:37 - 2012-06-18 09:39 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
    2012-06-18 09:29 - 2012-07-01 15:58 - 00000000 ____D C:\Users\Arrow\AppData\Roaming\XWindows Dock
    2012-06-18 09:28 - 2012-06-18 09:28 - 00000000 ____D C:\Program Files (x86)\XWindows Dock
    2012-06-18 09:00 - 2012-06-18 09:00 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2012-06-18 09:00 - 2012-06-18 09:00 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2012-06-18 08:59 - 2012-06-18 08:59 - 00000000 ____D C:\Users\Arrow\Documents\Visual Studio 2010
    2012-06-18 08:58 - 2012-06-18 09:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
    2012-06-18 08:57 - 2012-06-18 09:50 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
    2012-06-18 08:57 - 2012-06-18 08:57 - 00000000 ____D C:\Windows\symbols
    2012-06-18 08:57 - 2012-06-18 08:57 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
    2012-06-17 13:59 - 2012-06-17 13:59 - 00000000 ____D C:\Users\Arrow\Documents\Eidos
    2012-06-17 13:53 - 2012-06-24 12:34 - 00000000 ____D C:\Program Files (x86)\Tomb Raider - Anniversary
    2012-06-17 13:16 - 2012-06-17 13:16 - 00000000 ____D C:\Users\Public\Documents\Explorer Suite Signatures
    2012-06-17 13:16 - 2012-06-17 13:16 - 00000000 ____D C:\Program Files\NTCore
    2012-06-17 05:48 - 2012-06-17 05:48 - 00001188 ____A C:\Users\Arrow\Desktop\FL Studio 10.lnk
    2012-06-13 03:46 - 2012-06-13 03:47 - 00000000 ____D C:\Users\Arrow\Documents\FL Soundfronts
    2012-06-12 22:41 - 2012-06-12 22:41 - 00000896 ____A C:\Users\Arrow\Desktop\Audio Repeater.lnk
    2012-06-11 22:33 - 2012-06-11 22:33 - 00000000 ____D C:\Users\Arrow\AppData\Roaming\exe
    2012-06-11 22:32 - 2012-06-11 22:32 - 00001803 ____A C:\Users\UpdatusUser\Desktop\exe-1.04.0.lnk
    2012-06-11 22:32 - 2012-06-11 22:32 - 00000000 ____D C:\Program Files (x86)\exe
    2012-06-11 10:02 - 2012-06-11 10:02 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
    2012-06-11 10:02 - 2012-06-11 10:02 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
    2012-06-11 04:19 - 2012-06-11 04:23 - 00000000 ____D C:\Users\Arrow\AppData\Local\Microsoft Games
    2012-06-09 15:47 - 2012-06-09 15:47 - 00000000 ____D C:\Program Files\Construct 2
    2012-06-08 09:20 - 2012-06-09 21:37 - 00000368 ____A C:\Users\Arrow\d3d_antilag.log
    2012-06-08 00:11 - 2012-06-08 00:11 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
    2012-06-08 00:05 - 2012-06-08 00:09 - 00272448 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-06-08 00:05 - 2012-06-08 00:05 - 00001932 ____A C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
    2012-06-08 00:05 - 2012-06-08 00:05 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
    2012-06-08 00:04 - 2012-06-08 00:10 - 00000000 ____D C:\Users\Arrow\AppData\Roaming\DAEMON Tools Pro
    2012-06-08 00:04 - 2012-06-08 00:05 - 00000000 ____D C:\Users\All Users\DAEMON Tools Pro
    2012-06-06 17:24 - 2012-06-06 18:45 - 00000000 ____D C:\Users\Arrow\Downloads\CM11_FINAL
    2012-06-06 17:23 - 2012-06-06 17:26 - 00000000 ____D C:\Users\Arrow\Downloads\CM11_to_CM11.05
    2012-06-06 17:20 - 2012-06-06 17:23 - 00000000 ____D C:\Users\Arrow\Documents\Torrents
    2012-06-05 12:38 - 2012-06-05 12:38 - 00003288 ____N C:\bootsqm.dat
    2012-06-04 10:49 - 2012-06-04 10:49 - 27144192 ____A C:\Windows\System32\config\system.iobit
    2012-06-04 10:49 - 2012-06-04 10:49 - 117665792 ____A C:\Windows\System32\config\software.iobit
    2012-06-04 10:49 - 2012-06-04 10:49 - 00303104 ____A C:\Windows\System32\config\default.iobit
    2012-06-04 10:49 - 2012-06-04 10:49 - 00065536 ____A C:\Windows\System32\config\sam.iobit
    2012-06-04 10:49 - 2012-06-04 10:49 - 00036864 ____A C:\Windows\System32\config\security.iobit
    2012-06-01 13:11 - 2012-06-01 13:11 - 00000000 ____D C:\Users\Arrow\AppData\Local\FOMM
    2012-06-01 13:11 - 2012-06-01 13:11 - 00000000 ____D C:\Program Files (x86)\GeMM

    Continued...
     
  5. ATedin

    ATedin TS Rookie Topic Starter

    ============ 3 Months Modified Files ========================

    2012-07-01 15:58 - 2011-03-04 00:43 - 01326718 ____A C:\Windows\WindowsUpdate.log
    2012-07-01 15:56 - 2009-07-13 21:13 - 00894848 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-01 15:21 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-01 15:21 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-01 15:16 - 2012-06-19 11:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-01 15:11 - 2012-07-01 15:11 - 00000056 ____A C:\Windows\setupact.log
    2012-07-01 15:11 - 2012-07-01 15:11 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-01 15:11 - 2012-03-08 15:28 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3134745461-3267416101-373290674-1001UA.job
    2012-07-01 15:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-01 12:18 - 2012-07-01 12:18 - 00000294 ____A C:\Windows\PFRO.log
    2012-07-01 08:54 - 2012-07-01 08:54 - 00595968 ____A (OldTimer Tools) C:\Users\Arrow\Desktop\OTL.exe
    2012-07-01 08:29 - 2012-07-01 08:29 - 00711240 ____A C:\Windows\isRS-000.tmp
    2012-07-01 08:29 - 2012-07-01 08:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-01 07:57 - 2012-07-01 07:57 - 00000000 ____A C:\Users\Arrow\dir
    2012-07-01 07:39 - 2012-07-01 07:38 - 00882688 ____A (New Technology Studio) C:\Users\Arrow\Downloads\ovisetup.exe
    2012-07-01 07:37 - 2012-07-01 07:35 - 82688000 ____A C:\Users\Arrow\Downloads\anim.img
    2012-06-29 11:42 - 2012-03-08 15:28 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3134745461-3267416101-373290674-1001Core.job
    2012-06-27 16:30 - 2012-03-31 09:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-27 16:30 - 2011-05-21 06:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-25 20:03 - 2012-06-25 20:03 - 00001250 ____A C:\Users\Arrow\Desktop\Bethesda Softworks.lnk
    2012-06-25 09:25 - 2012-06-25 09:25 - 00001007 ____A C:\Users\Public\Desktop\PowerISO.lnk
    2012-06-25 09:24 - 2012-06-25 09:23 - 07559656 ____A C:\Users\Arrow\Downloads\PowerISO5.exe
    2012-06-24 21:33 - 2012-06-24 21:32 - 54179488 ____A C:\Users\Arrow\Downloads\Fallout3_1.7_English_US.exe
    2012-06-24 21:10 - 2012-06-24 21:07 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part82.rar
    2012-06-24 21:09 - 2012-06-24 21:09 - 27752090 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part83.rar
    2012-06-24 21:08 - 2012-06-24 21:06 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part81.rar
    2012-06-24 21:07 - 2012-06-24 21:04 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part80.rar
    2012-06-24 21:06 - 2012-06-24 21:03 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part79.rar
    2012-06-24 21:04 - 2012-06-24 21:01 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part78.rar
    2012-06-24 21:03 - 2012-06-24 21:01 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part77.rar
    2012-06-24 21:01 - 2012-06-24 20:58 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part75.rar
    2012-06-24 21:00 - 2012-06-24 20:59 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part76.rar
    2012-06-24 20:58 - 2012-06-24 20:56 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part74.rar
    2012-06-24 20:58 - 2012-06-24 20:55 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part73.rar
    2012-06-24 20:56 - 2012-06-24 20:54 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part72.rar
    2012-06-24 20:55 - 2012-06-24 20:53 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part71.rar
    2012-06-24 20:53 - 2012-06-24 20:51 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part70.rar
    2012-06-24 20:52 - 2012-06-24 20:50 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part69.rar
    2012-06-24 20:51 - 2012-06-24 20:47 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part68.rar
    2012-06-24 20:49 - 2012-06-24 20:45 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part67.rar
    2012-06-24 20:46 - 2012-06-24 20:43 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part66.rar
    2012-06-24 20:45 - 2012-06-24 20:41 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part65.rar
    2012-06-24 20:43 - 2012-06-24 20:40 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part64.rar
    2012-06-24 20:41 - 2012-06-24 20:39 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part63.rar
    2012-06-24 20:39 - 2012-06-24 20:36 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part62.rar
    2012-06-24 20:38 - 2012-06-24 20:36 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part61.rar
    2012-06-24 20:36 - 2012-06-24 20:32 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part59.rar
    2012-06-24 20:35 - 2012-06-24 20:33 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part60.rar
    2012-06-24 20:32 - 2012-06-24 20:29 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part58.rar
    2012-06-24 20:31 - 2012-06-24 20:29 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part57.rar
    2012-06-24 20:28 - 2012-06-24 20:25 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part56.rar
    2012-06-24 20:28 - 2012-06-24 20:24 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part55.rar
    2012-06-24 20:24 - 2012-06-24 20:21 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part54.rar
    2012-06-24 20:24 - 2012-06-24 20:20 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part53.rar
    2012-06-24 20:20 - 2012-06-24 20:18 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part52.rar
    2012-06-24 20:20 - 2012-06-24 20:17 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part51.rar
    2012-06-24 20:17 - 2012-06-24 20:15 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part50.rar
    2012-06-24 20:17 - 2012-06-24 20:13 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part49.rar
    2012-06-24 20:15 - 2012-06-24 20:11 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part48.rar
    2012-06-24 20:13 - 2012-06-24 20:10 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part47.rar
    2012-06-24 20:11 - 2012-06-24 20:08 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-fo3gotye.part46.rar
    2012-06-24 20:10 - 2012-06-24 20:07 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part45.rar
    2012-06-24 20:08 - 2012-06-24 20:05 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part44.rar
    2012-06-24 20:07 - 2012-06-24 20:04 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part43.rar
    2012-06-24 20:05 - 2012-06-24 20:02 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part42.rar
    2012-06-24 20:04 - 2012-06-24 20:01 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part41.rar
    2012-06-24 20:01 - 2012-06-24 20:00 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part40.rar
    2012-06-24 20:01 - 2012-06-24 19:57 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part39.rar
    2012-06-24 19:59 - 2012-06-24 19:57 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part38.rar
    2012-06-24 19:57 - 2012-06-24 19:54 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part37.rar
    2012-06-24 19:56 - 2012-06-24 19:53 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part36.rar
    2012-06-24 19:53 - 2012-06-24 19:51 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part35.rar
    2012-06-24 19:53 - 2012-06-24 19:50 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part34.rar
    2012-06-24 19:51 - 2012-06-24 19:48 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part32.rar
    2012-06-24 19:50 - 2012-06-24 19:48 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part33.rar
    2012-06-24 19:47 - 2012-06-24 19:45 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part31.rar
    2012-06-24 19:47 - 2012-06-24 19:45 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part30.rar
    2012-06-24 19:45 - 2012-06-24 19:42 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part28.rar
    2012-06-24 19:44 - 2012-06-24 19:42 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part29.rar
    2012-06-24 19:42 - 2012-06-24 19:39 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part27.rar
    2012-06-24 19:42 - 2012-06-24 19:39 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part26.rar
    2012-06-24 19:39 - 2012-06-24 19:36 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part25.rar
    2012-06-24 19:39 - 2012-06-24 19:36 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part24.rar
    2012-06-24 19:35 - 2012-06-24 19:33 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part23.rar
    2012-06-24 19:35 - 2012-06-24 19:32 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part22.rar
    2012-06-24 19:32 - 2012-06-24 19:29 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part21.rar
    2012-06-24 19:32 - 2012-06-24 19:29 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part20.rar
    2012-06-24 19:29 - 2012-06-24 19:26 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part19.rar
    2012-06-24 19:29 - 2012-06-24 19:25 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part18.rar
    2012-06-24 19:25 - 2012-06-24 19:22 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part17.rar
    2012-06-24 19:25 - 2012-06-24 19:22 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part16.rar
    2012-06-24 19:22 - 2012-06-24 19:19 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part15.rar
    2012-06-24 19:22 - 2012-06-24 19:18 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part14.rar
    2012-06-24 19:18 - 2012-06-24 19:16 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part13.rar
    2012-06-24 19:18 - 2012-06-24 19:15 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part12.rar
    2012-06-24 19:15 - 2012-06-24 19:11 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part11.rar
    2012-06-24 19:15 - 2012-06-24 19:11 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part10.rar
    2012-06-24 19:10 - 2012-06-24 19:07 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part09.rar
    2012-06-24 19:10 - 2012-06-24 18:59 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part06.rar
    2012-06-24 19:07 - 2012-06-24 19:04 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part08.rar
    2012-06-24 19:04 - 2012-06-24 19:02 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part07.rar
    2012-06-24 19:01 - 2012-06-24 18:59 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part05.rar
    2012-06-24 18:59 - 2012-06-24 18:55 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part04.rar
    2012-06-24 18:58 - 2012-06-24 18:54 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part03.rar
    2012-06-24 18:54 - 2012-06-24 18:50 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part02.rar
    2012-06-24 18:54 - 2012-06-24 18:50 - 99048576 ____A C:\Users\Arrow\Downloads\psycho-FO3GOTYE.part01.rar
    2012-06-24 18:41 - 2012-06-24 18:41 - 00002037 ____A C:\Users\Arrow\Desktop\JDownloader.lnk
    2012-06-24 18:38 - 2012-06-24 18:38 - 00081488 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\Arrow\Downloads\WebInstaller.exe
    2012-06-22 22:55 - 2012-06-22 22:55 - 06997317 ____A C:\Users\Arrow\Downloads\rusty ruin_2.mp3
    2012-06-21 18:01 - 2012-06-21 18:00 - 07054336 ____A C:\Users\Arrow\Downloads\xnafx40_redist.msi
    2012-06-21 17:21 - 2012-06-21 17:19 - 00931252 ____A C:\Users\Arrow\Downloads\unins000.exe
    2012-06-21 17:20 - 2012-06-21 17:20 - 00016620 ____A C:\Users\Arrow\Downloads\unins000.dat
    2012-06-21 17:20 - 2012-06-21 17:17 - 17395200 ____A (Bethesda Softworks) C:\Users\Arrow\Downloads\TESV.exe
    2012-06-20 21:28 - 2012-06-20 21:28 - 00000773 ____A C:\Users\Arrow\Desktop\Toribash.lnk
    2012-06-20 20:25 - 2012-06-20 20:25 - 00000368 ____A C:\Users\Arrow\Documents\YoutubeProtectionRemover.js
    2012-06-20 17:21 - 2012-06-20 17:21 - 00005062 ____A C:\Users\Arrow\Documents\Dragon_EnglishAlphabetical.txt
    2012-06-20 12:23 - 2012-06-20 12:23 - 01122224 ____A (Yuna Software) C:\Users\Arrow\Downloads\Setup-MsgPlus-511.exe
    2012-06-20 12:20 - 2012-06-20 12:20 - 00001641 ____A C:\Users\Arrow\Desktop\MSN Messenger.lnk
    2012-06-20 12:05 - 2012-06-20 12:05 - 00000020 ____A C:\Windows\0öÑ
    2012-06-19 20:15 - 2012-06-19 20:15 - 00028892 ____A C:\Users\Arrow\.recently-used.xbel
    2012-06-18 21:41 - 2012-06-18 21:41 - 00000562 ____A C:\Users\Arrow\Desktop\Fraps.lnk
    2012-06-18 19:39 - 2012-06-18 19:39 - 00001403 ____A C:\Users\Arrow\Desktop\Microsoft Visual Basic 2008 Express Edition.lnk
    2012-06-18 11:42 - 2011-04-21 04:06 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
    2012-06-18 10:24 - 2012-06-18 10:22 - 00001896 ____A C:\Users\Arrow\Desktop\devenv.exe - Shortcut.lnk
    2012-06-17 05:48 - 2012-06-17 05:48 - 00001188 ____A C:\Users\Arrow\Desktop\FL Studio 10.lnk
    2012-06-15 01:35 - 2012-05-27 23:56 - 00002083 ____A C:\Users\Public\Desktop\ThuumicShouter.lnk
    2012-06-12 22:41 - 2012-06-12 22:41 - 00000896 ____A C:\Users\Arrow\Desktop\Audio Repeater.lnk
    2012-06-11 22:32 - 2012-06-11 22:32 - 00001803 ____A C:\Users\UpdatusUser\Desktop\exe-1.04.0.lnk
    2012-06-11 10:02 - 2012-06-11 10:02 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
    2012-06-11 10:02 - 2012-06-11 10:02 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
    2012-06-11 08:39 - 2011-11-22 13:37 - 00003584 ____A C:\Users\Arrow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-10 04:31 - 2009-07-13 21:08 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-09 21:37 - 2012-06-08 09:20 - 00000368 ____A C:\Users\Arrow\d3d_antilag.log
    2012-06-08 00:09 - 2012-06-08 00:05 - 00272448 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-06-08 00:05 - 2012-06-08 00:05 - 00001932 ____A C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
    2012-06-06 17:11 - 2012-05-01 18:26 - 00000890 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2012-06-05 12:38 - 2012-06-05 12:38 - 00003288 ____N C:\bootsqm.dat
    2012-06-04 10:49 - 2012-06-04 10:49 - 27144192 ____A C:\Windows\System32\config\system.iobit
    2012-06-04 10:49 - 2012-06-04 10:49 - 117665792 ____A C:\Windows\System32\config\software.iobit
    2012-06-04 10:49 - 2012-06-04 10:49 - 00303104 ____A C:\Windows\System32\config\default.iobit
    2012-06-04 10:49 - 2012-06-04 10:49 - 00065536 ____A C:\Windows\System32\config\sam.iobit
    2012-06-04 10:49 - 2012-06-04 10:49 - 00036864 ____A C:\Windows\System32\config\security.iobit
    2012-06-04 10:36 - 2012-03-02 11:32 - 00001221 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
    2012-05-30 20:10 - 2012-06-25 09:24 - 00126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
    2012-05-30 12:45 - 2012-05-30 12:45 - 00001642 ____A C:\Users\Arrow\Desktop\sonic generations - Shortcut.lnk
    2012-05-29 22:03 - 2012-05-29 22:03 - 00001008 ____A C:\Users\Arrow\Desktop\Mixcraft 5.lnk
    2012-05-29 16:54 - 2012-05-29 16:54 - 00001116 ____A C:\Users\Arrow\Desktop\Game Maker.lnk
    2012-05-29 16:41 - 2012-05-29 16:41 - 00001966 ____A C:\Users\Public\Desktop\3DS MAX 2013 64.lnk
    2012-05-29 16:31 - 2009-07-13 18:34 - 00017852 ____A C:\Windows\System32\Drivers\etc\services
    2012-05-28 20:58 - 2012-05-28 20:58 - 00002099 ____A C:\Users\Public\Desktop\3DS MAX 2012 32.lnk
    2012-05-28 08:34 - 2009-07-13 20:45 - 05089800 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-27 23:56 - 2011-06-30 11:11 - 00060200 ____A C:\Users\Arrow\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-27 21:15 - 2012-05-27 21:15 - 00001064 ____A C:\Users\Arrow\Desktop\VACSystem.lnk
    2012-05-24 19:18 - 2012-05-24 19:18 - 00000046 ____H C:\Users\Public\Documents\msdrls.dat
    2012-05-20 00:16 - 2012-05-20 00:16 - 00002134 ____A C:\Users\Arrow\Desktop\MorphVOX Pro.lnk
    2012-05-20 00:15 - 2012-05-20 00:15 - 00001796 ____A C:\Users\Arrow\Desktop\Mudbox 2012 64-bit.lnk
    2012-05-19 19:02 - 2012-05-19 19:02 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-05-17 17:39 - 2012-05-17 17:39 - 00001322 ____A C:\Users\Arrow\Desktop\The Elder Scrolls V Skyrim - Shortcut.lnk
    2012-05-15 02:48 - 2012-05-22 17:01 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-05-22 17:01 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-05-15 02:48 - 2012-05-22 17:01 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-05-15 02:48 - 2012-04-25 10:30 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 02:48 - 2012-03-18 07:14 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-05-15 02:48 - 2012-03-17 18:01 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2012-03-17 18:01 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2012-03-17 18:01 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 02:48 - 2012-03-17 18:00 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2012-03-17 18:00 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2012-03-17 18:00 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 01:29 - 2012-03-18 07:16 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-05-15 01:29 - 2012-03-17 18:02 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2012-03-17 18:02 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2012-03-17 18:02 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2012-03-17 18:02 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2012-03-17 18:02 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-14 23:21 - 2012-05-14 23:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-05-14 08:50 - 2012-05-14 08:44 - 00001456 ____A C:\Users\Arrow\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-05-13 15:25 - 2012-05-13 15:38 - 00132880 ____A (Microsoft Corporation) C:\Windows\MSINET.OCX
    2012-05-12 14:52 - 2012-02-24 13:50 - 00001168 ____A C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
    2012-05-12 14:52 - 2012-02-24 13:50 - 00001156 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
    2012-05-11 18:08 - 2012-05-11 18:08 - 00000668 ____A C:\Users\Public\Desktop\MMSSTV.lnk
    2012-05-11 12:45 - 2011-05-03 18:57 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-05-10 19:37 - 2011-10-18 19:24 - 00000063 ____A C:\Windows\entpack.ini
    2012-05-09 19:46 - 2011-10-16 18:14 - 00000132 ____A C:\Users\Arrow\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-05-09 15:13 - 2011-12-05 14:14 - 00001418 ____A C:\Users\Arrow\Desktop\Skype.lnk
    2012-05-07 03:56 - 2012-05-07 03:56 - 00126976 ____A (Home) C:\Windows\SysWOW64\DWUtilities.dll
    2012-05-02 21:00 - 2012-05-02 21:00 - 00025528 ____A C:\Users\Arrow\AppData\Local\recently-used.xbel
    2012-05-01 15:57 - 2012-05-01 15:57 - 00001237 ____A C:\Users\Arrow\Desktop\Adobe Premiere Pro CS5.lnk
    2012-05-01 14:11 - 2011-06-06 16:14 - 00021504 ____A C:\Windows\System32\umstartup.etl
    2012-05-01 12:22 - 2011-06-06 16:14 - 00015360 ____A C:\Windows\System32\umstartup000.etl
    2012-04-29 18:18 - 2012-04-29 18:18 - 00000943 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-04-29 13:01 - 2012-04-29 13:00 - 00003644 ____A C:\Users\Arrow\Documents\Reg3.reg
    2012-04-29 12:59 - 2012-04-29 12:59 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-04-18 21:43 - 2011-04-23 08:47 - 00001331 ____A C:\Users\Arrow\Desktop\Steam Apps.lnk
    2012-04-18 09:08 - 2012-05-22 17:01 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2012-04-18 09:08 - 2012-05-22 17:01 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2012-04-18 09:08 - 2012-03-18 07:14 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
    2012-04-18 06:47 - 2012-06-23 21:44 - 01816440 ____A (Wacom Technology, Corp.) C:\Windows\System32\WacomMT.dll
    2012-04-18 06:47 - 2012-06-23 21:44 - 01765240 ____A (Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.dll
    2012-04-18 06:47 - 2012-06-23 21:44 - 01758584 ____A (Wacom Technology, Corp.) C:\Windows\System32\Wacom_Touch_Tablet.dll
    2012-04-18 06:47 - 2012-06-23 21:44 - 01484152 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
    2012-04-18 06:47 - 2012-06-23 21:44 - 01450872 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
    2012-04-18 06:47 - 2012-06-23 21:44 - 01444216 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
    2012-04-18 06:47 - 2011-04-25 15:53 - 01830776 ____A (Wacom Technology, Corp.) C:\Windows\System32\Wintab32.dll
    2012-04-18 06:47 - 2011-04-25 15:53 - 01496952 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
    2012-04-17 18:03 - 2012-04-17 18:03 - 00003043 ____A C:\Users\Arrow\Desktop\inSSIDer.lnk
    2012-04-15 19:07 - 2012-03-20 18:30 - 00221630 ____A C:\Windows\hpoins19.dat
    2012-04-15 19:07 - 2012-03-20 16:02 - 00005773 ____A C:\Users\All Users\hpzinstall.log
    2012-04-15 19:06 - 2009-07-13 18:34 - 00000449 ____A C:\Windows\win.ini
    2012-04-15 18:41 - 2012-04-14 21:40 - 00005048 ____A C:\Windows\SysWOW64\TEST.log
    2012-04-09 18:44 - 2011-10-29 09:30 - 00005216 ____A C:\Users\Arrow\Documents\V5Env.log
    2012-04-07 09:26 - 2011-05-01 10:18 - 00820688 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-04-04 12:56 - 2011-04-22 08:50 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    ZeroAccess:
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\L
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\L\00000004.@
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\00000004.@
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\00000008.@
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\000000cb.@
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\80000032.@
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\80000064.@

    ZeroAccess:
    C:\Users\Arrow\AppData\Local\{c84977a7-17ec-a865-098e-d28866e06bb7}
    C:\Users\Arrow\AppData\Local\{c84977a7-17ec-a865-098e-d28866e06bb7}\@
    C:\Users\Arrow\AppData\Local\{c84977a7-17ec-a865-098e-d28866e06bb7}\L
    C:\Users\Arrow\AppData\Local\{c84977a7-17ec-a865-098e-d28866e06bb7}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 17%
    Total physical RAM: 4095.24 MB
    Available physical RAM: 3372.24 MB
    Total Pagefile: 4093.44 MB
    Available Pagefile: 3371.47 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:218.89 GB) NTFS
    2 Drive e: (GTA IV Disc 1) (CDROM) (Total:7.03 GB) (Free:0 GB) UDF
    3 Drive f: (FEDORA) (Removable) (Total:7.52 GB) (Free:0.67 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 7712 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7711 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FEDORA FAT32 Removable 7711 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-03-20 17:00

    ======================= End Of Log ==========================
     
  6. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log it makes (Search.txt) in your reply.
     
  7. ATedin

    ATedin TS Rookie Topic Starter

    Results of "Services.exe" Search

    Farbar Recovery Scan Tool Version: 01-07-2012 01
    Ran by SYSTEM at 2012-07-01 19:46:23
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
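
The comparison this Search.txt supports, as an added example (not part of the thread and not FRST's own code): a parser for the log's two-line entry format that checks each live copy against the WinSxS copy of the same file name. The names `parse_search_log` and `check_against_store` are hypothetical, and treating the WinSxS copy as the reference is an assumption of the example.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: the two entries copied from the Search.txt log above.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Second line of each entry: [created] - [modified] - size attrs (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


@dataclass(frozen=True)
class Finding:
    path: str
    status: str          # "match", "mismatch" or "no-reference"
    same_metadata: bool  # size and both timestamps equal to a store copy


def parse_search_log(text):
    """Pair each path line with the metadata line that directly follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
        elif line:
            meta = META_RE.match(line)
            if meta and pending_path:
                entries.append(Entry(pending_path, meta["created"], meta["modified"],
                                     int(meta["size"]), meta["company"],
                                     meta["md5"].upper()))
            pending_path = None  # a path is only valid for the very next line
    return entries


def check_against_store(entries):
    """Compare every non-WinSxS copy with the WinSxS copies of the same name."""
    store = [e for e in entries if e.in_component_store]
    findings = []
    for live in (e for e in entries if not e.in_component_store):
        name = ntpath.basename(live.path).lower()
        refs = [s for s in store if ntpath.basename(s.path).lower() == name]
        if not refs:
            status = "no-reference"   # nothing to compare against
        elif any(s.md5 == live.md5 for s in refs):
            status = "match"          # equals one of the store versions
        else:
            status = "mismatch"
        same_meta = any((s.size, s.created, s.modified) ==
                        (live.size, live.created, live.modified) for s in refs)
        findings.append(Finding(live.path, status, same_meta))
    return findings


if __name__ == "__main__":
    for f in check_against_store(parse_search_log(SEARCH_LOG)):
        print(f"{f.path}: {f.status} (same size/timestamps: {f.same_metadata})")
```

On this log the System32 copy is reported as `mismatch` while its size and both timestamps equal the WinSxS copy's, so the hash is the only field that tells the two files apart.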
     
  8. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.


    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  9. ATedin

    ATedin TS Rookie Topic Starter

    FixLog
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012 01
    Ran by SYSTEM at 2012-07-01 22:00:57 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    efavdrv service deleted successfully.
    C:\Windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7} moved successfully.
    C:\Users\Arrow\AppData\Local\{c84977a7-17ec-a865-098e-d28866e06bb7} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
    ComboFix
    ComboFix 12-07-01.04 - Arrow 07/01/2012 22:18:03.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2418 [GMT -5:00]
    Running from: c:\users\Arrow\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\Roaming
    c:\programdata\Roaming\Disney Interactive\Lilo & Stitch Trouble In Paradise\LSConfig.ini
    c:\users\Arrow\AppData\Roaming\Love
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-1.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-2.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-3.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-4.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\icon.png
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\settings.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\version.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\smb\1-1.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\smb\3-1.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\smb\4-2.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\smb\4-2_4.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\mappacks\smb\5-2.txt
    c:\users\Arrow\AppData\Roaming\Love\mari0\options.txt
    c:\windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\@
    c:\windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\L\00000004.@
    c:\windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\L\55490ac4
    c:\windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\00000004.@
    c:\windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\00000008.@
    c:\windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\000000cb.@
    c:\windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\80000032.@
    c:\windows\Installer\{c84977a7-17ec-a865-098e-d28866e06bb7}\U\80000064.@
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-02 03:40 . 2012-07-02 03:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-02 03:40 . 2012-07-02 03:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-02 03:04 . 2012-07-02 03:05 -------- d-----w- C:\FRST
    2012-07-01 16:45 . 2012-07-01 16:45 -------- d-----w- C:\553097c4c6b2a41554125ab234e0
    2012-07-01 16:21 . 2012-07-01 16:22 -------- d-----w- c:\users\Arrow\AppData\Roaming\GetRightToGo
    2012-07-01 16:00 . 2012-07-01 16:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-01 15:39 . 2012-07-01 15:39 -------- d-----w- c:\users\Arrow\AppData\Roaming\New Technology Studio
    2012-06-28 06:12 . 2012-06-28 06:12 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-06-25 21:06 . 2012-06-25 21:15 -------- d-----w- c:\users\Arrow\AppData\Local\FalloutNV
    2012-06-25 17:25 . 2012-06-25 17:25 -------- d-----w- c:\users\Arrow\AppData\Local\AVG Secure Search
    2012-06-25 17:24 . 2012-06-25 17:25 -------- d-----w- c:\programdata\AVG Secure Search
    2012-06-25 17:24 . 2012-06-25 17:24 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-06-25 17:24 . 2012-06-25 17:25 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-06-25 17:24 . 2012-06-25 17:24 -------- d--h--w- c:\programdata\Common Files
    2012-06-25 17:24 . 2012-06-25 17:25 -------- d-----w- c:\program files (x86)\PowerISO
    2012-06-25 17:24 . 2012-05-31 04:10 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
    2012-06-25 06:47 . 2012-06-25 06:47 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
    2012-06-25 06:47 . 2012-06-25 06:47 -------- d-----w- c:\program files\Application Verifier (x64)
    2012-06-25 06:47 . 2012-06-25 06:47 -------- d-----w- c:\program files (x86)\Application Verifier
    2012-06-25 05:35 . 2012-06-25 05:36 -------- d-----w- c:\users\Arrow\AppData\Local\Fallout3
    2012-06-25 05:27 . 2012-06-25 21:00 -------- d-----w- c:\program files (x86)\Bethesda Softworks
    2012-06-25 05:24 . 2012-06-25 05:24 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2012-06-25 05:24 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2012-06-25 05:24 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2012-06-25 05:24 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2012-06-25 05:24 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2012-06-25 05:24 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
    2012-06-25 05:24 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2012-06-25 05:24 . 2012-06-25 05:24 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2012-06-25 02:40 . 2012-06-25 02:46 -------- d-----w- c:\program files (x86)\JDownloader
    2012-06-24 05:44 . 2012-04-18 14:47 1758584 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
    2012-06-24 05:44 . 2012-04-18 14:47 1444216 ----a-w- c:\windows\SysWow64\Wacom_Touch_Tablet.dll
    2012-06-24 05:44 . 2012-04-18 14:47 1816440 ----a-w- c:\windows\system32\WacomMT.dll
    2012-06-24 05:44 . 2012-04-18 14:47 1765240 ----a-w- c:\windows\system32\Wacom_Tablet.dll
    2012-06-24 05:44 . 2012-04-18 14:47 1484152 ----a-w- c:\windows\SysWow64\WacomMT.dll
    2012-06-24 05:44 . 2012-04-18 14:47 1450872 ----a-w- c:\windows\SysWow64\Wacom_Tablet.dll
    2012-06-23 04:53 . 2012-06-28 06:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-06-21 05:29 . 2012-06-21 05:29 -------- d-----w- c:\users\Arrow\AppData\Roaming\Toribash
    2012-06-21 02:19 . 2012-06-21 02:19 -------- d-----w- c:\program files (x86)\Valve
    2012-06-20 20:17 . 2012-06-20 20:17 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
    2012-06-20 20:17 . 2012-06-20 20:17 -------- d-----w- c:\windows\PCHEALTH
    2012-06-20 20:15 . 2008-06-17 21:13 74520 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\80772b481cd4f21\DSETUP.dll
    2012-06-20 20:15 . 2008-06-17 21:13 484632 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\80772b481cd4f21\DXSETUP.exe
    2012-06-20 20:15 . 2008-06-17 21:13 1670936 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\80772b481cd4f21\dsetup32.dll
    2012-06-20 05:59 . 2012-06-20 05:59 -------- d-----w- c:\users\Arrow\AppData\Local\Macromedia
    2012-06-20 05:58 . 2012-06-27 20:28 68576 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-06-20 05:58 . 2012-06-27 20:28 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-06-20 05:58 . 2012-06-27 20:28 157600 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-06-20 05:58 . 2012-06-27 20:28 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-06-20 05:58 . 2012-06-13 03:20 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-20 05:58 . 2012-06-13 03:20 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-20 02:42 . 2012-06-20 02:42 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\45b759f81cd4e8e1a\DSETUP.dll
    2012-06-20 02:42 . 2012-06-20 02:42 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\45b759f81cd4e8e1a\DXSETUP.exe
    2012-06-20 02:42 . 2012-06-20 02:42 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\45b759f81cd4e8e1a\dsetup32.dll
    2012-06-20 02:41 . 2012-06-20 02:41 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\423e9a701cd4e8e19\DSETUP.dll
    2012-06-20 02:41 . 2012-06-20 02:41 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\423e9a701cd4e8e19\DXSETUP.exe
    2012-06-20 02:41 . 2012-06-20 02:41 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\423e9a701cd4e8e19\dsetup32.dll
    2012-06-18 17:50 . 2012-06-18 17:50 -------- d-----w- c:\program files\Microsoft Sync Framework
    2012-06-18 17:49 . 2012-06-18 17:49 -------- d-----w- c:\programdata\PreEmptive Solutions
    2012-06-18 17:45 . 2012-06-18 17:45 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
    2012-06-18 17:45 . 2012-06-18 17:45 -------- d-----w- c:\program files\IIS
    2012-06-18 17:45 . 2012-06-18 17:45 -------- d-----w- c:\program files (x86)\IIS
    2012-06-18 17:37 . 2012-06-18 17:40 -------- d-----w- c:\program files (x86)\Microsoft F#
    2012-06-18 17:37 . 2012-06-18 17:40 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
    2012-06-18 17:37 . 2012-06-18 17:39 -------- d-----w- c:\program files (x86)\HTML Help Workshop
    2012-06-18 17:29 . 2012-07-02 03:41 -------- d-----w- c:\users\Arrow\AppData\Roaming\XWindows Dock
    2012-06-18 17:28 . 2012-06-18 17:28 -------- d-----w- c:\program files (x86)\XWindows Dock
    2012-06-18 17:00 . 2012-06-18 17:00 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2012-06-18 17:00 . 2012-06-18 17:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2012-06-18 16:58 . 2012-06-18 17:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
    2012-06-18 16:57 . 2012-06-18 17:50 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2012-06-18 16:57 . 2012-06-18 16:57 -------- d-----w- c:\windows\symbols
    2012-06-18 16:57 . 2012-06-18 16:57 -------- d-----w- c:\program files\Microsoft Help Viewer
    2012-06-17 21:58 . 2012-06-17 21:58 -------- d-----w- c:\programdata\Media Center Programs
    2012-06-17 21:53 . 2012-06-24 20:34 -------- d-----w- c:\program files (x86)\Tomb Raider - Anniversary
    2012-06-17 21:16 . 2012-06-17 21:16 -------- d-----w- c:\program files\NTCore
    2012-06-12 06:33 . 2012-06-12 06:33 -------- d-----w- c:\users\Arrow\AppData\Roaming\exe
    2012-06-12 06:32 . 2012-06-12 06:32 -------- d-----w- c:\program files (x86)\exe
    2012-06-11 18:02 . 2012-06-11 18:02 71680 ----a-w- c:\windows\system32\frapsv64.dll
    2012-06-11 18:02 . 2012-06-11 18:02 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
    2012-06-11 12:19 . 2012-06-11 12:23 -------- d-----w- c:\users\Arrow\AppData\Local\Microsoft Games
    2012-06-09 23:47 . 2012-06-09 23:47 -------- d-----w- c:\program files\Construct 2
    2012-06-08 08:05 . 2012-06-08 08:09 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-06-08 08:05 . 2012-06-08 08:05 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
    2012-06-08 08:04 . 2012-06-08 08:10 -------- d-----w- c:\users\Arrow\AppData\Roaming\DAEMON Tools Pro
    2012-06-08 08:04 . 2012-06-08 08:05 -------- d-----w- c:\programdata\DAEMON Tools Pro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-28 00:30 . 2012-03-31 17:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-28 00:30 . 2011-05-21 14:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-20 03:02 . 2012-05-20 03:02 53248 ----a-w- c:\users\Arrow\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-05-20 03:02 . 2012-05-20 03:02 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-05-15 10:48 . 2012-05-23 01:01 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-05-15 10:48 . 2012-05-23 01:01 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-05-23 01:01 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-05-15 10:48 . 2012-05-23 01:01 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-05-15 10:48 . 2012-05-23 01:01 8139072 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:48 . 2012-05-23 01:01 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-05-15 10:48 . 2012-05-23 01:01 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-23 01:01 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-23 01:01 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-23 01:01 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-23 01:01 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-23 01:01 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-23 01:01 246592 ----a-w- c:\windows\system32\nvinitx.dll
    2012-05-15 10:48 . 2012-05-23 01:01 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-23 01:01 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-05-15 10:48 . 2012-05-23 01:01 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-05-15 10:48 . 2012-05-23 01:01 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-23 01:01 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:48 . 2012-04-25 18:30 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 10:48 . 2012-03-18 15:14 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-05-15 10:48 . 2012-03-18 02:01 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2012-03-18 02:01 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2012-03-18 02:00 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2012-03-18 02:00 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2012-03-18 02:00 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 09:29 . 2012-03-18 02:02 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2012-03-18 02:02 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2012-03-18 02:02 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2012-03-18 15:16 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-15 09:29 . 2012-03-18 02:02 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2012-03-18 02:02 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-13 23:25 . 2012-05-13 23:38 132880 ----a-w- c:\windows\MSINET.OCX
    2012-05-07 11:56 . 2012-05-07 11:56 126976 ----a-w- c:\windows\SysWow64\DWUtilities.dll
    2012-04-18 17:08 . 2012-05-23 01:01 31040 ----a-w- c:\windows\system32\nvhdap64.dll
    2012-04-18 17:08 . 2012-05-23 01:01 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2012-04-18 17:08 . 2012-03-18 15:14 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2012-04-18 14:47 . 2011-04-25 23:53 1830776 ----a-w- c:\windows\system32\Wintab32.dll
    2012-04-18 14:47 . 2011-04-25 23:53 1496952 ----a-w- c:\windows\SysWow64\Wintab32.dll
    2012-04-04 20:56 . 2011-04-22 16:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
    2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-06-25 17:24 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-11-18 01:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-25 2068536]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Arrow\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Arrow\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Arrow\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-10 1242448]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "puush"="c:\program files (x86)\puush\puush.exe" [2012-04-16 565480]
    "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Facebook Update"="c:\users\Arrow\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-08 137536]
    "Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "ProcessTamer"="c:\program files (x86)\ProcessTamer\ProcessTamerTray.exe" [2009-03-28 163840]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-06-19 119808]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" [2011-10-27 192816]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-25 1104440]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Creative Element Power Tools Startup.lnk - c:\program files (x86)\Creative Element Power Tools\Startup.exe [2011-11-8 265384]
    XWindows Dock.lnk - c:\program files (x86)\XWindows Dock\XWD.exe [2012-6-18 2217984]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    R2 AODDriver4.01;AODDriver4.01; [x]
    R2 AODDriver4.1;AODDriver4.1; [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - English 32-bit;c:\program files (x86)\Autodesk\32\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-02-23 86016]
    R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
    R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 250056]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-11-16 131912]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-30 1432400]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
    R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120]
    R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-22 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 14544]
    R3 X6va006;X6va006; [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    R4 AMD FUEL Service;AMD FUEL Service; [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-08 272448]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
    S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-06-19 119808]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
    S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-04-18 8518008]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
    S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-04-18 567672]
    S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-25 935480]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2007-05-15 58112]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 18288]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:30]
    .
    2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3134745461-3267416101-373290674-1001Core.job
    - c:\users\Arrow\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 23:28]
    .
    2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3134745461-3267416101-373290674-1001UA.job
    - c:\users\Arrow\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 23:28]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Arrow\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Arrow\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Arrow\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Arrow\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://isearch.avg.com/?cid={D5171AC6-7BCE-4843-A0BF-22A9D45E3005}&mid=c99821d0f0f947d086cfbd2b2b2b3e5b-81b99addd29fa23349d5d213bf9915f1cccbcad9&lang=en&ds=st011&pr=sa&d=2012-06-25 12:24&v=11.1.0.7&sap=hp
    mStart Page = hxxp://www.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    TCP: DhcpNameServer = 192.168.1.254
    Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
    Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
    Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Arrow\AppData\Roaming\Mozilla\Firefox\Profiles\qkqwwqv7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.YouTube.com
    FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3134745461-3267416101-373290674-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:b5,b7,ef,b4,cc,53,cd,57,3e,2c,11,ce,89,2b,e6,a8,a7,ea,84,b1,33,60,16,
    fd,79,c6,f0,2d,79,e0,42,56,18,f1,de,f7,25,0b,28,5c,fc,70,a3,c4,03,76,65,b1,\
    "??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05
    .
    [HKEY_USERS\S-1-5-21-3134745461-3267416101-373290674-1001\Software\SecuROM\License information*]
    "datasecu"=hex:a7,30,7b,18,b4,34,44,69,61,ca,b7,83,c1,9e,22,de,53,a0,dd,06,90,
    68,a5,4a,09,52,04,56,ce,62,97,43,1c,c3,f6,31,dc,09,d8,77,8a,65,28,ef,8d,06,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:4a,57,dc,c8,42,26,12,7d,f2,2d,87,cf,56,8a,73,e0,c5,1c,3b,d5,bd,
    13,40,ad,f1,aa,78,3f,e7,9e,b9,3a,0e,3f,89,6e,b8,9d,d4,a3,03,88,e2,02,95,b9,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
    @Denied: (A 2 3) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]
    @="%SystemRoot%\\Explorer.exe"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]
    @="DAO.Client"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]
    @="{C8618CE4-0572-8424-8336-68696A726D75}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:4a,57,dc,c8,42,26,12,7d,f2,2d,87,cf,56,8a,73,e0,c5,1c,3b,d5,bd,
    13,40,ad,f1,aa,78,3f,e7,9e,b9,3a,0e,3f,89,6e,b8,9d,d4,a3,03,88,e2,02,95,b9,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\IObit\Game Booster\gbtray.exe
    c:\fraps\fraps.exe
    c:\programdata\Boxtools\Toolbox.exe
    c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-01 23:15:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-02 04:14
    .
    Pre-Run: 235,344,900,096 bytes free
    Post-Run: 234,581,499,904 bytes free
    .
    - - End Of File - - F55FAB003F4855368CEF91E9F309CBB9
     
  10. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Looks good :)

    Any current issues?

    ===================================================

    Uninstall Advanced SystemCare 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ======================================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================================

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. ATedin

    ATedin TS Rookie Topic Starter

    Hey, no warnings or anything now!

    MBAM Scan, No malware found
    -----
    OTL LogFile:

    OTL logfile created on: 7/1/2012 11:56:48 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Arrow\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.06% Memory free
    8.00 Gb Paging File | 5.97 Gb Available in Paging File | 74.67% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 218.51 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
    Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 7.52 Gb Total Space | 0.67 Gb Free Space | 8.98% Space Free | Partition Type: FAT32

    Computer Name: ARROW-PC | User Name: Arrow | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/01 23:54:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arrow\Desktop\OTL.exe
    PRC - [2012/06/25 12:24:52 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    PRC - [2012/06/25 12:24:51 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/06/19 10:53:44 | 000,119,808 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
    PRC - [2012/06/11 13:03:08 | 002,551,472 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
    PRC - [2012/05/28 15:56:36 | 000,288,128 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
    PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
    PRC - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/27 19:05:40 | 000,613,208 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
    PRC - [2012/04/16 15:24:35 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/03/08 18:28:31 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Arrow\AppData\Local\Facebook\Update\FacebookUpdate.exe
    PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2012/03/03 21:55:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/12/09 12:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2011/10/27 04:27:06 | 000,192,816 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
    PRC - [2011/10/08 18:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    PRC - [2011/03/17 03:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2011/03/17 03:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
    PRC - [2010/12/03 15:04:58 | 002,217,984 | ---- | M] (Lichonos Vladimir) -- C:\Program Files (x86)\XWindows Dock\XWD.exe
    PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/03/27 21:53:12 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\ProcessTamer\ProcessTamerTray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/25 12:24:53 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
    MOD - [2012/06/25 12:24:51 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/05/11 15:54:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/11 15:53:52 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
    MOD - [2012/05/11 15:53:44 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
    MOD - [2012/05/11 15:53:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/11 15:53:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/11 15:53:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/11 15:52:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/04/16 15:24:35 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
    MOD - [2011/08/07 06:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files (x86)\BrowserCompanion\sqlite3.dll
    MOD - [2011/07/28 21:16:38 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
    MOD - [2010/11/06 17:21:44 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\XWindows Dock\XWDCore.dll
    MOD - [2009/03/27 21:53:12 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\ProcessTamer\ProcessTamerTray.exe
    MOD - [2009/03/21 12:02:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\XWindows Dock\libsasl.dll
    MOD - [2009/02/17 10:19:22 | 000,194,048 | ---- | M] () -- C:\Program Files (x86)\XWindows Dock\curllib.dll
    MOD - [2003/10/23 23:27:46 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\XWindows Dock\openldap.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/05/29 19:41:31 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2012/04/18 09:47:16 | 008,518,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV:64bit: - [2012/04/18 09:47:16 | 000,567,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
    SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
    SRV:64bit: - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
    SRV:64bit: - [2010/10/21 09:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    SRV:64bit: - [2010/10/21 09:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
    SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2012/06/27 19:30:39 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/27 15:28:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/06/25 12:24:52 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
    SRV - [2012/06/19 10:53:44 | 000,119,808 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
    SRV - [2012/06/19 00:40:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/28 23:58:27 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
    SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/03 21:55:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/11/16 16:26:03 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
    SRV - [2011/10/08 18:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\32\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/08 03:09:21 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/05/30 23:10:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/12/05 14:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 14:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2010/07/01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2010/06/23 04:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/03/22 12:11:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/12/23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
    DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
    DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 00:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
    DRV:64bit: - [2007/05/15 13:15:28 | 000,058,112 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
    DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={D5171A...1cccbcad9&lang=en&ds=st011&pr=sa&d=2012-06-25 12:24:55&v=11.1.0.7&sap=hp
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\SearchScopes\{25AF4317-9CC1-468C-A1AD-7D2333B41495}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = http://plusnetwork.com/?sp=brw&q={searchTerms}
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...1cccbcad9&lang=en&ds=st011&pr=sa&d=2012-06-25 12:24:55&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "www.YouTube.com"
    FF - prefs.js..keyword.URL: "http://www.plusnetwork.com/?sp=addr&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@3ds.com/3dxml: C:\Program Files\Dassault Systemes\3D XML Player 12\win_b64\code\bin\NP3DXMLPlugin.dll ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@3ds.com/3dxml: C:\Program Files\Dassault Systemes\3D XML Player 12\win_b64\code\bin32\NP3DXMLPlugin.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-221a4807685c44e7\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Arrow\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Arrow\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/05/28 23:11:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/24 00:08:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/20 21:43:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/25 12:25:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/27 15:28:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/05/28 23:11:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/20 21:43:16 | 000,000,000 | ---D | M]

    [2012/03/07 01:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arrow\AppData\Roaming\Mozilla\Extensions
    [2012/06/29 14:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arrow\AppData\Roaming\Mozilla\Firefox\Profiles\qkqwwqv7.default\extensions
    [2012/03/22 19:55:39 | 000,000,000 | ---D | M] ("Messenger Plus! Community Smartbar") -- C:\Users\Arrow\AppData\Roaming\Mozilla\Firefox\Profiles\qkqwwqv7.default\extensions\linkuryfirefoxremoteplugin@linkury.com
    [2012/03/22 19:55:40 | 000,002,286 | ---- | M] () -- C:\Users\Arrow\AppData\Roaming\Mozilla\Firefox\Profiles\qkqwwqv7.default\searchplugins\Messenger Plus Smartbar Search.xml
    [2012/06/20 00:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/06 14:51:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/06/27 15:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/06/29 14:56:54 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\ARROW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKQWWQV7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/06/20 01:03:22 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\ARROW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKQWWQV7.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/06/27 15:28:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/25 12:24:49 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/12 22:20:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/12 22:20:28 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/01 22:43:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
    O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
    O4 - HKLM..\Run: [ProcessTamer] C:\Program Files (x86)\ProcessTamer\ProcessTamerTray.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001..\Run: [Facebook Update] C:\Users\Arrow\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1021..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1021..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk = C:\Program Files (x86)\Creative Element Power Tools\Startup.exe (Creative Element)
    O4 - Startup: C:\Users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWindows Dock.lnk = C:\Program Files (x86)\XWindows Dock\XWD.exe (Lichonos Vladimir)

    Continued...
     
     
  12. ATedin

    ATedin TS Rookie Topic Starter

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3134745461-3267416101-373290674-1021\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02C39AE6-6CC2-4E1F-8539-5988C0067824}: DhcpNameServer = 192.168.1.1 68.87.72.134 68.87.77.134
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53904714-778F-4A4D-8922-895C79E0969B}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\base64 - No CLSID value found
    O18:64bit: - Protocol\Handler\chrome - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\prox - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/05/29 18:40:20 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2008/11/15 04:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - D:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2008/10/11 12:03:48 | 000,000,054 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/01 22:43:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/01 22:14:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/01 22:14:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/01 22:14:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/01 22:05:40 | 004,568,936 | R--- | C] (Swearware) -- C:\Users\Arrow\Desktop\ComboFix.exe
    [2012/07/01 22:04:58 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/01 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\Arrow\Desktop\Virus Software For June 2012
    [2012/07/01 11:54:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Arrow\Desktop\OTL.exe
    [2012/07/01 11:45:41 | 000,000,000 | ---D | C] -- C:\553097c4c6b2a41554125ab234e0
    [2012/07/01 11:22:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/01 11:22:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/01 11:21:29 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\GetRightToGo
    [2012/07/01 11:00:27 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/01 10:39:42 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
    [2012/07/01 10:39:41 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\New Technology Studio
    [2012/06/28 01:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2012/06/28 01:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2012/06/25 16:06:01 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\FalloutNV
    [2012/06/25 16:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
    [2012/06/25 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
    [2012/06/25 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\AVG Secure Search
    [2012/06/25 12:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/06/25 12:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/06/25 12:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/06/25 12:24:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/06/25 12:24:21 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
    [2012/06/25 12:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
    [2012/06/25 01:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
    [2012/06/25 01:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
    [2012/06/25 01:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
    [2012/06/25 01:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)
    [2012/06/25 01:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
    [2012/06/25 01:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier (x64)
    [2012/06/25 01:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.0
    [2012/06/25 00:35:07 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\Fallout3
    [2012/06/25 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
    [2012/06/25 00:10:09 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\WinRAR
    [2012/06/24 21:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
    [2012/06/24 00:44:22 | 001,758,584 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wacom_Touch_Tablet.dll
    [2012/06/24 00:44:22 | 001,444,216 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wacom_Touch_Tablet.dll
    [2012/06/24 00:44:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
    [2012/06/24 00:44:08 | 001,816,440 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomMT.dll
    [2012/06/24 00:44:08 | 001,765,240 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wacom_Tablet.dll
    [2012/06/24 00:44:08 | 001,484,152 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\WacomMT.dll
    [2012/06/24 00:44:08 | 001,450,872 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wacom_Tablet.dll
    [2012/06/23 12:55:51 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
    [2012/06/22 23:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/06/22 23:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/06/21 00:29:05 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\Toribash
    [2012/06/21 00:13:52 | 000,000,000 | ---D | C] -- C:\Users\Arrow\Documents\NekoFight
    [2012/06/20 21:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
    [2012/06/20 15:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2012/06/20 15:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2012/06/20 15:17:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/06/20 14:40:31 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\{E929EF71-793E-4320-A827-C06E167F1780}
    [2012/06/20 14:39:58 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\{5B878C59-B743-428F-8510-295F782D5D48}
    [2012/06/20 00:59:02 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\Macromedia
    [2012/06/19 22:00:01 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\{173E8505-4827-4A45-BA25-F45AB0EA6478}
    [2012/06/19 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\{0859876B-1297-431F-A69B-A8A087C88C5E}
    [2012/06/19 00:41:21 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
    [2012/06/18 12:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
    [2012/06/18 12:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2012/06/18 12:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
    [2012/06/18 12:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
    [2012/06/18 12:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
    [2012/06/18 12:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
    [2012/06/18 12:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
    [2012/06/18 12:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
    [2012/06/18 12:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
    [2012/06/18 12:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
    [2012/06/18 12:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
    [2012/06/18 12:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
    [2012/06/18 12:29:22 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\XWindows Dock
    [2012/06/18 12:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XWindows Dock
    [2012/06/18 12:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XWindows Dock
    [2012/06/18 12:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2012/06/18 12:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2012/06/18 11:59:26 | 000,000,000 | ---D | C] -- C:\Users\Arrow\Documents\Visual Studio 2010
    [2012/06/18 11:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
    [2012/06/18 11:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    [2012/06/18 11:57:13 | 000,000,000 | ---D | C] -- C:\Windows\symbols
    [2012/06/18 11:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
    [2012/06/18 11:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
    [2012/06/17 16:59:33 | 000,000,000 | ---D | C] -- C:\Users\Arrow\Documents\Eidos
    [2012/06/17 16:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
    [2012/06/17 16:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tomb Raider - Anniversary
    [2012/06/17 16:16:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Explorer Suite Signatures
    [2012/06/17 16:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorer Suite
    [2012/06/17 16:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\NTCore
    [2012/06/13 06:46:58 | 000,000,000 | ---D | C] -- C:\Users\Arrow\Documents\FL Soundfronts
    [2012/06/12 01:33:00 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\exe
    [2012/06/12 01:32:11 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exe
    [2012/06/12 01:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\exe
    [2012/06/12 01:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\exe
    [2012/06/11 13:02:16 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
    [2012/06/11 13:02:12 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
    [2012/06/11 07:19:23 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Local\Microsoft Games
    [2012/06/09 18:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Construct 2
    [2012/06/08 03:11:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
    [2012/06/08 03:05:23 | 000,272,448 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2012/06/08 03:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
    [2012/06/08 03:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
    [2012/06/08 03:04:59 | 000,000,000 | ---D | C] -- C:\Users\Arrow\AppData\Roaming\DAEMON Tools Pro
    [2012/06/08 03:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
    [2012/06/06 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Arrow\Documents\Torrents
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/02 00:16:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/01 23:54:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arrow\Desktop\OTL.exe
    [2012/07/01 23:33:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3134745461-3267416101-373290674-1001UA.job
    [2012/07/01 22:51:39 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 22:51:39 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 22:43:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/01 22:42:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/01 22:42:19 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/01 22:05:40 | 004,568,936 | R--- | M] (Swearware) -- C:\Users\Arrow\Desktop\ComboFix.exe
    [2012/07/01 18:56:43 | 000,894,848 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/01 18:56:43 | 000,741,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/01 18:56:43 | 000,152,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/01 11:29:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 10:57:07 | 000,000,000 | ---- | M] () -- C:\Users\Arrow\dir
    [2012/06/29 14:42:49 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3134745461-3267416101-373290674-1001Core.job
    [2012/06/25 23:03:18 | 000,001,250 | ---- | M] () -- C:\Users\Arrow\Desktop\Bethesda Softworks.lnk
    [2012/06/25 12:25:11 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2012/06/24 21:41:25 | 000,002,037 | ---- | M] () -- C:\Users\Arrow\Desktop\JDownloader.lnk
    [2012/06/24 21:41:25 | 000,002,001 | ---- | M] () -- C:\Users\Arrow\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
    [2012/06/21 00:28:58 | 000,000,773 | ---- | M] () -- C:\Users\Arrow\Desktop\Toribash.lnk
    [2012/06/20 23:25:19 | 000,000,368 | ---- | M] () -- C:\Users\Arrow\Documents\YoutubeProtectionRemover.js
    [2012/06/20 15:20:48 | 000,001,641 | ---- | M] () -- C:\Users\Arrow\Desktop\MSN Messenger.lnk
    [2012/06/20 15:05:21 | 000,000,020 | ---- | M] () -- C:\Windows\0öÑ
    [2012/06/19 23:15:49 | 000,028,892 | ---- | M] () -- C:\Users\Arrow\.recently-used.xbel
    [2012/06/19 00:41:21 | 000,000,562 | ---- | M] () -- C:\Users\Arrow\Desktop\Fraps.lnk
    [2012/06/18 22:39:23 | 000,001,403 | ---- | M] () -- C:\Users\Arrow\Desktop\Microsoft Visual Basic 2008 Express Edition.lnk
    [2012/06/18 14:42:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2012/06/18 13:24:20 | 000,001,896 | ---- | M] () -- C:\Users\Arrow\Desktop\devenv.exe - Shortcut.lnk
    [2012/06/18 12:35:21 | 000,001,150 | ---- | M] () -- C:\Users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWindows Dock.lnk
    [2012/06/17 08:48:59 | 000,001,188 | ---- | M] () -- C:\Users\Arrow\Desktop\FL Studio 10.lnk
    [2012/06/15 04:35:35 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\ThuumicShouter.lnk
    [2012/06/13 01:41:51 | 000,000,896 | ---- | M] () -- C:\Users\Arrow\Desktop\Audio Repeater.lnk
    [2012/06/11 13:02:16 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
    [2012/06/11 13:02:12 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
    [2012/06/11 11:39:52 | 000,003,584 | ---- | M] () -- C:\Users\Arrow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/08 03:09:21 | 000,272,448 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2012/06/08 03:05:19 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
    [2012/06/06 20:11:56 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    [2012/06/05 15:38:06 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
    [2012/06/04 13:36:12 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/01 22:14:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/01 22:14:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/01 22:14:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/01 22:14:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/01 22:14:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/01 11:29:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 10:57:07 | 000,000,000 | ---- | C] () -- C:\Users\Arrow\dir
    [2012/06/28 22:17:00 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
    [2012/06/25 23:03:18 | 000,001,250 | ---- | C] () -- C:\Users\Arrow\Desktop\Bethesda Softworks.lnk
    [2012/06/25 12:25:11 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2012/06/24 21:41:25 | 000,002,037 | ---- | C] () -- C:\Users\Arrow\Desktop\JDownloader.lnk
    [2012/06/24 21:41:25 | 000,002,001 | ---- | C] () -- C:\Users\Arrow\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
    [2012/06/24 21:41:16 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
    [2012/06/24 21:41:16 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
    [2012/06/24 21:41:16 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
    [2012/06/21 00:28:58 | 000,000,773 | ---- | C] () -- C:\Users\Arrow\Desktop\Toribash.lnk
    [2012/06/20 23:25:18 | 000,000,368 | ---- | C] () -- C:\Users\Arrow\Documents\YoutubeProtectionRemover.js
    [2012/06/20 15:20:48 | 000,001,641 | ---- | C] () -- C:\Users\Arrow\Desktop\MSN Messenger.lnk
    [2012/06/20 15:05:21 | 000,000,020 | ---- | C] () -- C:\Windows\0öÑ
    [2012/06/19 23:15:49 | 000,028,892 | ---- | C] () -- C:\Users\Arrow\.recently-used.xbel
    [2012/06/19 14:26:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/19 00:41:21 | 000,000,562 | ---- | C] () -- C:\Users\Arrow\Desktop\Fraps.lnk
    [2012/06/18 22:39:23 | 000,001,403 | ---- | C] () -- C:\Users\Arrow\Desktop\Microsoft Visual Basic 2008 Express Edition.lnk
    [2012/06/18 13:22:44 | 000,001,896 | ---- | C] () -- C:\Users\Arrow\Desktop\devenv.exe - Shortcut.lnk
    [2012/06/18 12:31:30 | 000,001,150 | ---- | C] () -- C:\Users\Arrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWindows Dock.lnk
    [2012/06/17 08:48:59 | 000,001,188 | ---- | C] () -- C:\Users\Arrow\Desktop\FL Studio 10.lnk
    [2012/06/13 01:41:51 | 000,000,896 | ---- | C] () -- C:\Users\Arrow\Desktop\Audio Repeater.lnk
    [2012/06/09 18:47:19 | 000,000,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construct 2.lnk
    [2012/06/08 03:05:19 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
    [2012/06/05 15:38:06 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/05/14 11:44:53 | 000,001,456 | ---- | C] () -- C:\Users\Arrow\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/05/12 17:52:33 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/05/03 00:00:50 | 000,025,528 | ---- | C] () -- C:\Users\Arrow\AppData\Local\recently-used.xbel
    [2012/03/23 19:01:48 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_processtamer_InstallInfo.dat
    [2012/03/23 19:01:48 | 000,000,046 | ---- | C] () -- C:\Users\Arrow\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
    [2012/03/20 21:30:26 | 000,221,630 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2012/03/20 21:30:26 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/01/23 18:06:39 | 000,000,314 | ---- | C] () -- C:\Windows\EReg515.dat
    [2012/01/23 18:02:52 | 000,001,425 | ---- | C] () -- C:\Windows\disney.ini
    [2012/01/23 18:02:47 | 000,000,203 | ---- | C] () -- C:\Windows\disneysy.ini
    [2011/12/21 02:26:38 | 000,000,132 | ---- | C] () -- C:\Users\Arrow\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2011/12/04 18:49:55 | 000,110,552 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/11/22 16:37:44 | 000,003,584 | ---- | C] () -- C:\Users\Arrow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/08 23:36:49 | 000,039,424 | ---- | C] () -- C:\Windows\SysWow64\rpiAccessProcess.dll
    [2011/11/06 15:43:55 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
    [2011/11/06 15:43:44 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
    [2011/11/06 15:43:44 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
    [2011/10/18 22:24:52 | 000,000,063 | ---- | C] () -- C:\Windows\entpack.ini
    [2011/10/16 21:14:31 | 000,000,132 | ---- | C] () -- C:\Users\Arrow\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/10/13 15:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2011/09/30 21:09:47 | 000,000,556 | ---- | C] () -- C:\Windows\hegames.ini
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/24 10:51:56 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2011/09/04 13:36:25 | 000,001,442 | ---- | C] () -- C:\Windows\lightworks.ini
    [2011/08/29 22:55:44 | 000,860,211 | --S- | C] () -- C:\Windows\SysWow64\XSIFtk-3.6.2.1.dll
    [2011/07/16 21:44:16 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
    [2011/07/16 21:43:13 | 000,000,469 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2011/07/11 07:23:50 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/07/11 07:23:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/06/01 16:30:54 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\tokamakdll.dll
    [2011/05/01 13:18:18 | 000,820,688 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/26 20:17:08 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/04/22 17:56:49 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2011/04/22 11:49:47 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\XSIChooser.exe
    [2011/03/14 12:52:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
    [2011/03/04 03:43:42 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

    ========== LOP Check ==========

    [2012/05/30 22:42:54 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\.minecraft
    [2012/04/12 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\.Nitrous
    [2011/04/23 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Acoustica
    [2011/04/22 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Activision
    [2011/04/23 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Antares
    [2011/07/15 20:37:09 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Applied Acoustics Systems
    [2012/06/22 03:57:26 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Audacity
    [2012/05/29 21:32:30 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Autodesk
    [2011/04/24 21:03:20 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Blender Foundation
    [2011/08/07 22:43:26 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Celemony Software GmbH
    [2012/06/08 03:10:45 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\DAEMON Tools Pro
    [2011/10/29 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\DassaultSystemes
    [2011/08/07 15:32:11 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\DigiCel
    [2012/03/23 19:01:48 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\DonationCoder
    [2011/11/26 02:21:05 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Downloaded Installations
    [2011/11/19 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Dropbox
    [2012/04/02 18:47:00 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\DVDVideoSoft
    [2012/06/12 01:33:00 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\exe
    [2011/11/30 18:09:50 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\GameMaker
    [2012/07/01 11:22:16 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\GetRightToGo
    [2012/06/19 23:15:49 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\gtk-2.0
    [2011/12/03 19:43:32 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\IObit
    [2011/06/28 00:32:19 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Leadertech
    [2012/03/03 23:01:34 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\ManyCam
    [2012/01/11 00:23:05 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\MonoDevelop-Unity-2.8
    [2012/07/01 10:39:41 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\New Technology Studio
    [2011/04/23 10:44:19 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Opera
    [2011/09/24 10:51:56 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\PACE Anti-Piracy
    [2011/06/30 16:11:10 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\PhotoScape
    [2011/12/24 21:20:28 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\PunkBuster
    [2011/11/26 02:22:11 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\puush
    [2012/05/02 23:54:08 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\sc68
    [2011/05/26 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Screaming Bee
    [2011/05/17 19:37:23 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\SecondLife
    [2011/10/29 13:42:08 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\SimLab
    [2012/03/09 21:56:03 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\SLumpEd
    [2011/09/11 22:22:29 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Sony
    [2011/09/24 10:53:18 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/08/06 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Subversion
    [2011/04/23 20:22:48 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\SynthMaker
    [2011/12/27 02:06:41 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\SystemRequirementsLab
    [2012/03/05 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\TypeItReadIt
    [2011/12/25 17:53:49 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Ubisoft
    [2012/01/10 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Unity
    [2012/06/27 03:08:33 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\uTorrent
    [2012/05/28 00:14:04 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\VAC
    [2011/09/27 20:48:33 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\Windows Live Writer
    [2012/07/01 22:41:14 | 000,000,000 | ---D | M] -- C:\Users\Arrow\AppData\Roaming\XWindows Dock
    [2012/04/24 22:31:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2012/04/24 22:31:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    [2011/05/05 23:14:01 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit
    [2012/06/29 14:42:49 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3134745461-3267416101-373290674-1001Core.job
    [2012/07/01 23:33:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3134745461-3267416101-373290674-1001UA.job
    [2012/06/10 07:31:55 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011/06/07 11:40:04 | 000,021,504 | ---- | M] ()(C:\Windows\SysNative\?) -- C:\Windows\SysNative\Ɯ
    [2011/06/07 11:38:38 | 000,021,504 | ---- | C] ()(C:\Windows\SysNative\?) -- C:\Windows\SysNative\Ɯ
    [2011/05/29 12:31:42 | 000,012,288 | ---- | M] ()(C:\Windows\SysNative\?) -- C:\Windows\SysNative\ɀ
    [2011/05/29 12:31:42 | 000,012,288 | ---- | C] ()(C:\Windows\SysNative\?) -- C:\Windows\SysNative\ɀ
    [2011/05/25 20:00:15 | 000,012,288 | ---- | M] ()(C:\Windows\SysNative\?) -- C:\Windows\SysNative\Ʉ
    [2011/05/25 20:00:15 | 000,012,288 | ---- | C] ()(C:\Windows\SysNative\?) -- C:\Windows\SysNative\Ʉ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 979 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:K2LpbiFAffAWnXTLXYN
    @Alternate Data Stream - 968 bytes -> C:\ProgramData\Microsoft:5GMZG1W2SHtIpI25qHVbM1Azn
    @Alternate Data Stream - 933 bytes -> C:\ProgramData\Microsoft:KOd7y6S0Q1hEZdC8eDEAkd1I4
    @Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:XYCiaYradlUqX12kOOzPqGcd0
    @Alternate Data Stream - 1159 bytes -> C:\ProgramData\Microsoft:6yjxIg8Z223RnYhitTc8WwDV1r
    @Alternate Data Stream - 1149 bytes -> C:\ProgramData\Microsoft:hj2alT58atVzGZFg6Y5OSC
    @Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:AzqXud2di39YCY6u3popd560ES9
    @Alternate Data Stream - 1085 bytes -> C:\ProgramData\Microsoft:v2BgxMCb2qMtZ32ug4Ht22dM8x
    @Alternate Data Stream - 1051 bytes -> C:\ProgramData\Microsoft:wintGQ38PgzI1cJYAKGEFEJ2IWF
    @Alternate Data Stream - 1001 bytes -> C:\ProgramData\Microsoft:hn4keBmtN1MUdaCu9dDaq4VHbJ

    < End of report >
     
  13. ATedin

    ATedin TS Rookie Topic Starter

    OTL Extras

    OTL Extras logfile created on: 7/1/2012 11:56:48 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Arrow\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.06% Memory free
    8.00 Gb Paging File | 5.97 Gb Available in Paging File | 74.67% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 218.51 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
    Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 7.52 Gb Total Space | 0.67 Gb Free Space | 8.98% Space Free | Partition Type: FAT32

    Computer Name: ARROW-PC | User Name: Arrow | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715)
    "{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
    "{0F30B978-3536-0409-BC9C-0A2FB4C35EFC}" = Autodesk 3ds Max 2013 64-bit
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
    "{28B58F2E-7A0A-4DC5-B2AB-38D547B0532B}" = TortoiseSVN 1.6.99.21737 (64 bit)
    "{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
    "{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
    "{32939827-d8e5-470a-b126-870db3c69fd0}" = Python 2.7.1 (64-bit)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{35DA1254-D7B7-4620-9D0E-E7356DF5BE67}" = POV-Ray for Windows v3.7 RC3
    "{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
    "{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
    "{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
    "{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
    "{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
    "{5972F3C3-5563-47D2-BEE3-1AFEBDD17DA2}" = ESET NOD32 Antivirus
    "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{696BB53C-28E6-1664-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 64-bit
    "{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
    "{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
    "{7A92C561-A1D5-11E0-92E1-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
    "{7E8B0B79-FE18-446D-A0C7-F4CD3F4964BB}" = Autodesk Softimage 2012 64-bit
    "{7EDE5B68-1FB0-405D-88F0-A34236002DA8}" = Autodesk Essential Skills Movies for 3ds Max 2013 64-bit
    "{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
    "{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{8A0E5970-F3E6-4737-9A2B-BC5FF0F15FB5}" = Python 2.6b2
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8DEBAA5C-E365-443B-9C44-EA4151D9B400}" = SimLab plugin 2.31 for Autodesk 3DS Max x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
    "{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
    "{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ABE286AE-C65D-B7DE-C8D1-DF79584169B4}" = AMD Fuel
    "{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{C389CF17-2759-4429-B05A-3B99D81D56CC}" = 3D XML Player
    "{C854EDED-B6F0-4406-B202-C16C70C4B237}" = NVIDIA PhysX For Autodesk 3ds Max 2012 64bit
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC7C5BA5-0010-1033-B966-42899C00BD23}" = Autodesk Mudbox 2012 64-bit - English
    "{CC7C5BA5-09B5-428E-B966-42899C00BD23}" = Autodesk Mudbox 2012 64-bit - English
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D02526AC-227A-45B8-BD86-E8B97ACDE7B8}" = Embody Animation 1.0 for 3ds Max (64-bit)
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{E31AD2E7-7018-4085-88B0-3FFCCF8AE9C9}" = Microsoft DirectX 9.0 Developer Runtime for x64
    "{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{f45b48a7-f616-4211-b927-17cab6a96613}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
    "Autodesk 3ds Max 2013 64-bit" = Autodesk 3ds Max 2013 64-bit
    "Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
    "Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
    "Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
    "Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit
    "Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
    "Autodesk Mudbox 2012 64-bit - English" = Autodesk Mudbox 2012 64-bit - English
    "Blender" = Blender
    "CCleaner" = CCleaner
    "Construct 2_is1" = Construct 2 r90
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "Explorer Suite_is1" = Explorer Suite III
    "GCFScape_is1" = GCFScape 1.8.2
    "Havok Content Tools" = Havok PcXs Content Tools 2011.3.1 X64 (20120402)
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Pen Tablet Driver" = Bamboo
    "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
    "pywin32-py2.6" = Python 2.6 pywin32-212
    "SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
    "Shop for HP Supplies" = Shop for HP Supplies
    "sp6" = Logitech SetPoint 6.32
    "UDK-3283ec44-fc56-4ad1-ad18-66bfad095424" = SonicGDK PR5
    "UDK-3c0596d5-7c66-44ff-acc8-7f7ce61dc80b" = Unreal Development Kit: 2012-01
    "UDK-4d04f7b8-b7c6-4b60-b3b7-31046bbb1539" = Unreal Development Kit: 2012-05
    "UDK-714a8279-05c2-441a-9f38-58a37ae1a90a" = SonicGDK PR5
    "UDK-7d7ad5ea-bc9e-4df9-b87e-c6ea9186fbfe" = SonicGDK PR5
    "UDK-8afb786d-1721-49f4-905c-957e844d0b7e" = Unreal Development Kit: 2011-04
    "UDK-9797e2db-6003-40cd-a897-e565a598843b" = SonicGDK PR5
    "UDK-9aae6936-9710-4b1b-9bc8-92139af9a50c" = SonicColoursGDK
    "UDK-dd99e1e4-3017-4453-8f3b-d8d45a6f7d45" = Unreal Development Kit: 2011-06
    "UDK-e76746e9-eef6-47c6-8de1-0ad59217dbf1" = SonicGDK PR4
    "UDK-ec480953-34c0-41a8-8f50-c80b69d04ec9" = Unreal Development Kit: 2012-01
    "UDK-eed57199-6467-4a8e-91da-a270c66d7dd4" = SonicColoursGDK
    "UDK-f0c8315e-ba0c-477d-a798-78344c2a56c2" = Unreal Development Kit: 2011-12
    "Virtual Audio Cable 4.6" = Virtual Audio Cable 4.6
    "Wacom Tablet Driver" = Wacom Tablet

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0C9CB04A-5A5A-499E-95FC-F7FA9D70AA8A}" = Autodesk Softimage Mod Tool 7.5
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
    "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{243DA072-8E39-424A-86A3-F63152021383}" = Adobe Glyphlet Creation Tool CS3
    "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30
    "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
    "{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}" = Deep Space Voices
    "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
    "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3F7EEF8A-28C3-4A9E-A45D-55A34BD61E93}" = MelodyneUno 1.8 Demo
    "{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
    "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{40F2BCF4-4EED-4AD4-BFB6-A58946C561A1}" = Adobe Creative Suite 3 Production Premium
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
    "{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
    "{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
    "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56FF113E-161E-4843-845E-68E6766C9151}" = ORGasm
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
    "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
    "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
    "{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
    "{5BA9357B-E876-4FB2-8F1B-C7E63AC90E6F}" = Skyrim NPC Editor
    "{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
    "{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
    "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
    "{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
    "{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
    "{6211B229-2D0B-4653-9338-3A2FBF2C4A9E}" = MorphVOX Pro
    "{62939D22-F2E8-44BD-A655-0D1F41D5EBA2}" = Autodesk 123D Catch
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{67711EE7-BC7C-4FF1-BBC1-733C38D93F7E}_is1" = Windows Movie Maker 6.0.6000.16386
    "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
    "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
    "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
    "{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}" = Spider-Man(TM) - Web of Shadows
    "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
    "{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
    "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
    "{85317F07-8719-36EF-B19E-B196F383D0F3}" = Microsoft Visual Basic PowerPacks 10.0
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support

    Continued...
     
  14. ATedin

    ATedin TS Rookie Topic Starter

    Files
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3(TM)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8AF728F-2EE8-4322-96B3-656CAD1F7805}" = Facebook Messenger 2.1.4554.0
    "{AB2C906A-8F4A-4881-9A6A-0B06C9790252}" = SimLab 3DPDF
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
    "{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B279C6DE-B056-4BF3-A3E7-89EB1CFA755E}" = Messenger Plus! Community Smartbar
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
    "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B60FDFE5-373B-11D6-B2F7-0002A5E2E59A}" = Disney's Lilo & Stitch Trouble in Paradise
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}" = Adobe Setup
    "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
    "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
    "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
    "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
    "{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
    "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{C9C550CB-2390-410E-883F-3BE147D64143}_is1" = ThuumicShouter version 1.94.2 Open Beta
    "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
    "{CCF89E7D-8BFC-4B3C-8C9C-8C4E9EF8BA45}" = Auto-Tune EFX VST
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA86215B-D75F-4BBE-9AF0-EEBB6D3214F9}" = Voice Activated Commands
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DC017035-1939-425F-8F86-63B462C76C6A}" = PDF Settings
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
    "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
    "{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
    "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
    "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
    "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
    "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
    "{E52424A0-0D5C-4CCE-9A70-900675EA8A8C}" = ORGasm
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E6083921-A185-0409-B058-ACB1DB615AD9}" = Autodesk 3ds Max 2012 32-bit - English
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E6A4E6CD-B92C-4CFD-AEE9-97D361B4CE25}_is1" = TypeIt ReadIt 1.6
    "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (October 2004)
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
    "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
    "{EE03B0F1-7579-4CDD-BA63-BA37A8B9E2DB}" = Microsoft DirectX 9.0 SDK Update (October 2004)
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F71E3066-5D8E-4E58-9B72-43D4365127D3}_is1" = MMSSTV version 1.13A
    "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
    "{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FEC02973-0781-49C7-9F04-28DA9BAF0372}" = Composite 2012
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
    "3D Ripper DX_is1" = 3D Ripper DX v1.8.1
    "5513-1208-7298-9440" = JDownloader 0.9
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
    "Acoustica Mixcraft 5" = Acoustica Mixcraft 5
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_aefc483f26b23ab60cc5653016d5017" = Add or Remove Adobe Creative Suite 3 Production Premium
    "Advanced SystemCare 5_is1" = Advanced SystemCare 5
    "AmazingMIDI" = AmazingMIDI
    "ASIO4ALL" = ASIO4ALL
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Autodesk 3ds Max 2012 32-bit - English" = Autodesk 3ds Max 2012 32-bit - English
    "Autodesk 3ds Max 2012 64-bit - English SP1" = Autodesk 3ds Max 2012 64-bit - English SP1
    "Autodesk FBX Plug-in 2012.0 - 3ds Max 2012" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012
    "AVG Secure Search" = AVG Security Toolbar
    "Blender" = Blender (remove only)
    "Blockland" = Blockland
    "Boxoft Mp3 to WAV Converter (freeware)_is1" = Boxoft Mp3 to WAV Converter (freeware)
    "BrowserCompanion" = BrowserCompanion
    "CharacterFX" = CharacterFX (remove only)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Chipamp" = Chipamp
    "CLEO Trainer 2.0 +40_is1" = CLEO Trainer 2.0 +40
    "ColladaMax for Studio" = ColladaMax for Studio
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Crafty_is1" = Crafty 1.0.2
    "Crazybump" = Crazybump (remove only)
    "Creative Element Power Tools" = Creative Element Power Tools
    "DAEMON Tools Pro" = DAEMON Tools Pro
    "Dassault Systemes 3D PrintScreen" = Dassault Systemes 3DVIA Printscreen
    "DDS Converter 2.1" = DDS Converter 2.1
    "Desura" = Desura
    "Desura_29484950487056" = Desura: Dissolution
    "Desura_47326244634640" = Desura: The Citizen
    "Desura_55864639619088" = Desura: Radiator
    "Desura_69647189671952" = Desura: Source Media Arcade
    "Desura_71824738091024" = Desura: Comatose
    "Desura_78928613998608" = Desura:
    "exe" = eXe -- eLearning XHTML editor
    "Fallout New Vegas_is1" = Fallout New Vegas
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "FL Studio 10" = FL Studio 10
    "fragMOTION 1.1.2_is1" = fragMOTION 1.1.2
    "fragMOTION 1.1.3_is1" = fragMOTION 1.1.3
    "fragMOTION 1.1.5_is1" = fragMOTION 1.1.5
    "fragMOTION 1.1.6_is1" = fragMOTION 1.1.6
    "fragMOTION 1.1.7_is1" = fragMOTION 1.1.7
    "Fraps" = Fraps (remove only)
    "Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.6.221
    "Gadwin PrintScreen" = Gadwin PrintScreen
    "Game Booster_is1" = Game Booster 3
    "Game Maker 8.0" = Game Maker 8.0
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
    "GTA San Andreas Control Center v2.1.1" = GTA San Andreas Control Center v2.1.1
    "Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
    "Havok Content Tools" = Havok PcXs Content Tools 2011.3.1 (20120402)
    "IDEal_is1" = IDEal 0.8.94
    "IL Download Manager" = IL Download Manager
    "InstallShield_{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}" = Spider-Man(TM) - Web of Shadows
    "InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3 (TM)
    "InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
    "IObit Malware Fighter_is1" = IObit Malware Fighter
    "IrfanView" = IrfanView (remove only)
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "LameACM" = Lame ACM MP3 Codec
    "Logitech Vid" = Logitech Vid HD
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "ManyCam" = ManyCam 2.6.65 (remove only)
    "Messenger Plus!" = Messenger Plus! 5
    "Messenger Plus! for Skype" = Messenger Plus! for Skype
    "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Moray For Windows_is1" = Moray For Windows V3.5
    "Mozilla Firefox 14.0 (x86 en-US)" = Mozilla Firefox 14.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NaturalMotion endorphin_is1" = NaturalMotion endorphin 2.7.1
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Octodad" = Octodad
    "Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
    "Opera 12.00.1467" = Opera 12.00
    "PhotoScape" = PhotoScape
    "PowerISO" = PowerISO
    "Process Tamer_is1" = Process Tamer 2.11.01
    "PunkBusterSvc" = PunkBuster Services
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "San Andreas Mod Installer1.1" = San Andreas Mod Installer
    "Sanny Builder 3_is1" = Sanny Builder 3.04
    "Sauerbraten" = Sauerbraten
    "SecondLifeViewer" = SecondLifeViewer (remove only)
    "SecondLifeViewer2" = SecondLifeViewer2 (remove only)
    "SimLab 3DPDF" = SimLab 3DPDF
    "Smart Defrag 2_is1" = Smart Defrag 2
    "Steam App 10150" = Prototype
    "Steam App 110800" = L.A. Noire: The Complete Edition
    "Steam App 113400" = APB Reloaded
    "Steam App 12200" = Bully: Scholarship Edition
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 13260" = Unreal Development Kit
    "Steam App 15100" = Assassin's Creed
    "Steam App 17520" = Synergy
    "Steam App 20" = Team Fortress Classic
    "Steam App 200940" = Sonic CD
    "Steam App 203850" = Microsoft Flight
    "Steam App 211" = Source SDK
    "Steam App 211600" = Thief Gold
    "Steam App 211740" = Thief 2
    "Steam App 215" = Source SDK Base 2006
    "Steam App 218" = Source SDK Base 2007
    "Steam App 220" = Half-Life 2
    "Steam App 22690" = Worms Reloaded Demo
    "Steam App 300" = Day of Defeat: Source
    "Steam App 33230" = Assassin's Creed II
    "Steam App 34270" = SEGA Genesis & Mega Drive Classics
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 38830" = CrimeCraft GangWars
    "Steam App 39000" = Moonbase Alpha
    "Steam App 4000" = Garry's Mod
    "Steam App 4010" = Garry's Mod 13
    "Steam App 42300" = Sixense TrueMotion SDK
    "Steam App 440" = Team Fortress 2
    "Steam App 48190" = Assassin's Creed Brotherhood
    "Steam App 50" = Half-Life: Opposing Force
    "Steam App 550" = Left 4 Dead 2
    "Steam App 55130" = HOMEFRONT Demo
    "Steam App 55230" = Saints Row: The Third
    "Steam App 563" = Left 4 Dead 2 Authoring Tools
    "Steam App 57940" = Duke Nukem Forever Demo
    "Steam App 620" = Portal 2
    "Steam App 629" = Portal 2 Authoring Tools - Beta
    "Steam App 6980" = Thief: Deadly Shadows
    "Steam App 71340" = Sonic Generations
    "Steam App 8190" = Just Cause 2
    "Steam App 8980" = Borderlands
    "StudioCompiler" = StudioCompiler v0.4A
    "StudioGPU MachStudio Pro" = StudioGPU MachStudio Pro
    "SystemRequirementsLab" = System Requirements Lab
    "Tomb Raider Chronicles" = Tomb Raider Chronicles
    "Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
    "Tomb Raider: Legend" = Tomb Raider:
    "Unity" = Unity
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "VTFEdit_is1" = VTFEdit 1.2.5
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "Winamp" = Winamp
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Xfire" = Xfire (remove only)
    "XWindows Dock_is1" = XWindows Dock
    "Yahoo! Companion" = Yahoo! Toolbar
    "Zwei-Stein_is1" = Zwei-Stein Video Compositor 3.01 (Beta 2).

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3134745461-3267416101-373290674-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "97eea8c5dc7fba84" = ExMldNet
    "DigiCel FlipBook 6.8" = DigiCel FlipBook 6.8
    "Dropbox" = Dropbox
    "GameMaker81" = GameMaker 8.1
    "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
    "Smart Fortress 2012" = Smart Fortress 2012
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/6/2012 10:19:52 PM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/6/2012 10:22:59 PM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Softimage
    2012\Application\python\Lib\distutils\command\wininst-8_d.exe". Dependent Assembly
    Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/6/2012 10:25:08 PM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/6/2012 10:44:51 PM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/6/2012 10:47:25 PM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Softimage
    2012\Application\python\Lib\distutils\command\wininst-8_d.exe". Dependent Assembly
    Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/6/2012 10:49:10 PM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/6/2012 11:36:44 PM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/7/2012 1:30:20 AM | Computer Name = Arrow-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ACRSP.exe, version: 0.0.0.0, time stamp:
    0x4f154761 Faulting module name: ACRSP.exe, version: 0.0.0.0, time stamp: 0x4f154761
    Exception
    code: 0xc0000005 Fault offset: 0x0131328f Faulting process id: 0x12f8 Faulting application
    start time: 0x01cce54e9ee8c330 Faulting application path: C:\Program Files (x86)\Ubisoft\Assassin's
    Creed Revelations\ACRSP.exe Faulting module path: C:\Program Files (x86)\Ubisoft\Assassin's
    Creed Revelations\ACRSP.exe Report Id: d2ef5878-514c-11e1-b96d-6c626dcfd7a8

    Error - 2/7/2012 6:23:57 PM | Computer Name = Arrow-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/8/2012 1:09:07 AM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
    2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/8/2012 1:11:40 AM | Computer Name = Arrow-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Autodesk\Softimage
    2012\Application\python\Lib\distutils\command\wininst-8_d.exe". Dependent Assembly
    Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/8/2012 5:24:58 PM | Computer Name = Arrow-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 7/1/2012 11:42:32 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%2

    Error - 7/1/2012 11:42:39 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/1/2012 11:42:55 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    luafv

    Error - 7/1/2012 11:43:22 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7034
    Description = The mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - English
    32-bit service terminated unexpectedly. It has done this 1 time(s).

    Error - 7/1/2012 11:43:22 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7034
    Description = The mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English
    64-bit service terminated unexpectedly. It has done this 1 time(s).

    Error - 7/1/2012 11:43:22 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7034
    Description = The mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit service
    terminated unexpectedly. It has done this 1 time(s).

    Error - 7/1/2012 11:43:59 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1058

    Error - 7/1/2012 11:45:39 PM | Computer Name = Arrow-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 7/1/2012 11:59:38 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1058

    Error - 7/1/2012 11:59:44 PM | Computer Name = Arrow-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1058


    < End of report >

    -----
    Thanks for that tip about the Registry software, I'm going to get rid of this Advanced Systemcare. Thanks for all your help so far, fellow Brony. :3
     
  15. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Please follow my instructions in given order.
    Uninstall Advanced SystemCare now.

    ==============================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-3134745461-3267416101-373290674-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKU\S-1-5-21-3134745461-3267416101-373290674-1021..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 979 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:K2LpbiFAffAWnXTLXYN
      @Alternate Data Stream - 968 bytes -> C:\ProgramData\Microsoft:5GMZG1W2SHtIpI25qHVbM1Azn
      @Alternate Data Stream - 933 bytes -> C:\ProgramData\Microsoft:KOd7y6S0Q1hEZdC8eDEAkd1I4
      @Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:XYCiaYradlUqX12kOOzPqGcd0
      @Alternate Data Stream - 1159 bytes -> C:\ProgramData\Microsoft:6yjxIg8Z223RnYhitTc8WwDV1r
      @Alternate Data Stream - 1149 bytes -> C:\ProgramData\Microsoft:hj2alT58atVzGZFg6Y5OSC
      @Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:AzqXud2di39YCY6u3popd560ES9
      @Alternate Data Stream - 1085 bytes -> C:\ProgramData\Microsoft:v2BgxMCb2qMtZ32ug4Ht22dM8x
      @Alternate Data Stream - 1051 bytes -> C:\ProgramData\Microsoft:wintGQ38PgzI1cJYAKGEFEJ2IWF
      @Alternate Data Stream - 1001 bytes -> C:\ProgramData\Microsoft:hn4keBmtN1MUdaCu9dDaq4VHbJ
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  16. ATedin

    ATedin TS Rookie Topic Starter

    OTL Fix

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3134745461-3267416101-373290674-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3134745461-3267416101-373290674-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3134745461-3267416101-373290674-1021\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\Program Files (x86)\Common Files\microsoft shared:K2LpbiFAffAWnXTLXYN deleted successfully.
    ADS C:\ProgramData\Microsoft:5GMZG1W2SHtIpI25qHVbM1Azn deleted successfully.
    ADS C:\ProgramData\Microsoft:KOd7y6S0Q1hEZdC8eDEAkd1I4 deleted successfully.
    ADS C:\ProgramData\Microsoft:XYCiaYradlUqX12kOOzPqGcd0 deleted successfully.
    ADS C:\ProgramData\Microsoft:6yjxIg8Z223RnYhitTc8WwDV1r deleted successfully.
    ADS C:\ProgramData\Microsoft:hj2alT58atVzGZFg6Y5OSC deleted successfully.
    ADS C:\ProgramData\Microsoft:AzqXud2di39YCY6u3popd560ES9 deleted successfully.
    ADS C:\ProgramData\Microsoft:v2BgxMCb2qMtZ32ug4Ht22dM8x deleted successfully.
    ADS C:\ProgramData\Microsoft:wintGQ38PgzI1cJYAKGEFEJ2IWF deleted successfully.
    ADS C:\ProgramData\Microsoft:hn4keBmtN1MUdaCu9dDaq4VHbJ deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets folder moved successfully.
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Arrow
    ->Temp folder emptied: 25904211 bytes
    ->Temporary Internet Files folder emptied: 14874589 bytes
    ->Java cache emptied: 1737430 bytes
    ->FireFox cache emptied: 238292041 bytes
    ->Opera cache emptied: 58994937 bytes
    ->Flash cache emptied: 54274 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 311296 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 291293 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 325.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Arrow
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Arrow
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07022012_201153

    Files\Folders moved on Reboot...
    C:\Users\Arrow\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Arrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8G8M5PY1\adoapn_AppNexusDemoActionTag_1[1].htm not found!
    File\Folder C:\Users\Arrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VPFDVWR\ADSAdClient31[2].txt not found!
    File\Folder C:\Users\Arrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VPFDVWR\tt[1].txt not found!
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Arrow\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Arrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8G8M5PY1\adoapn_AppNexusDemoActionTag_1[1].htm not found!
    File C:\Users\Arrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VPFDVWR\ADSAdClient31[2].txt not found!
    File C:\Users\Arrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VPFDVWR\tt[1].txt not found!
    [2009/10/07 01:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
    [2009/10/07 01:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5

    Registry entries deleted on Reboot...

    Checkup

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Security Toolbar
    Adobe After Effects CS3 Presets
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    IObit IObit Malware Fighter IMFsrv.exe
    ``````````End of Log````````````

    FSS

    Farbar Service Scanner Version: 02-07-2012
    Ran by Arrow (administrator) on 02-07-2012 at 20:22:05
    Running from "C:\Users\Arrow\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Now running Temp File Cleaner, I will post results of next tests soon
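
One way to triage an OTL fix log like the one posted above, as an added example that is not part of the original thread and not OTL's own code: it classifies each result line and separates "not found" entries that an earlier line in the same log already removed from entries that were never present. The function names and status labels are assumptions; the sample lines are excerpted from the log in the post.

```python
import re
from collections import Counter

# Result-line shapes seen in the OTL fix log quoted in the thread.
# Order matters: the first matching rule wins.
RULES = [
    ("error", re.compile(r"^Registry error reading value (?P<target>.+?)\s*\.?$")),
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(
        r"^(?:(?:64bit-)?Registry (?:key|value) |ADS )?(?P<target>.+?)"
        r"(?: folder)? (?:deleted|moved) successfully\.$")),
    ("absent", re.compile(
        r"^(?:(?:64bit-)?Registry (?:key|value) |File\\Folder |File )?"
        r"(?P<target>.+?) not found[.!]$")),
]
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# Sample input: lines excerpted from the fix log in the post above.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
ADS C:\ProgramData\Microsoft:5GMZG1W2SHtIpI25qHVbM1Azn deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
========== COMMANDS ==========
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
"""


def normalise(target):
    """Make paths and registry keys comparable: no trailing backslash, lower case."""
    return target.rstrip("\\").lower()


def parse_fix_log(text):
    """Return a list of (section, status, target) for each result line."""
    entries, removed, section = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for status, rule in RULES:
            match = rule.match(line)
            if not match:
                continue
            target = match.group("target")
            if status == "removed":
                removed.add(normalise(target))
            elif status == "absent" and normalise(target) in removed:
                # The same item was removed by an earlier line of this log.
                status = "already_removed"
            entries.append((section, status, target))
            break
    return entries


def summarise(entries):
    """Count entries per status."""
    return Counter(status for _, status, _ in entries)


def needs_follow_up(entries):
    """Entries the fix could not complete in this run."""
    return [e for e in entries if e[1] in ("error", "pending_reboot")]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarise(parsed)))
    for section, status, target in needs_follow_up(parsed):
        print(f"[{section}] {status}: {target}")
```
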
     
  17. ATedin

    ATedin TS Rookie Topic Starter

    I ran TFC, restarted, then ran the online scanner. Returned no malware.

    Scanning Report
    Monday, July 2, 2012 20:50:35 - 20:55:43

    Computer name: ARROW-PC
    Scanning type: Quick scan
    Target: System
    No malware found
    Statistics
    Scanned: Files: 7091
    System: 7091
    Not scanned: 0
    Actions: Disinfected: 0
    Renamed: 0
    Deleted: 0
    Not cleaned: 0
    Submitted: 0
    Options
    Scanning engines:
     
  18. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  19. ATedin

    ATedin TS Rookie Topic Starter

    OTL Clearing Of Restore Points

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Arrow
    ->Temp folder emptied: 481305947 bytes
    ->Temporary Internet Files folder emptied: 2075354 bytes
    ->Java cache emptied: 31658 bytes
    ->FireFox cache emptied: 0 bytes
    ->Opera cache emptied: 1262520 bytes
    ->Flash cache emptied: 1133 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 278199 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 462.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Arrow
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Arrow
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07022012_214011

    Files\Folders moved on Reboot...
    C:\Users\Arrow\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Arrow\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2009/10/07 01:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
    [2009/10/07 01:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5

    Registry entries deleted on Reboot...

    My PC is doing fine now, I installed some programs you suggested, thanks a lot for your help.
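
A helper reading a posted OTL fix log like the one above mainly needs the cleanup totals, confirmation that the new restore point was set, and the files that could not be moved. The Python sketch below is an added example, not part of the original thread and not OTL's own code; the function name, the embedded excerpt and the reading of a dated post-reboot listing as "file still on disk" are assumptions.

```python
import re

# Constructed excerpt that follows the layout of the OTL fix log posted above.
SAMPLE_LOG = r"""
[EMPTYTEMP]
User: Arrow
->Temp folder emptied: 481305947 bytes
->Opera cache emptied: 1262520 bytes
User: Default
->Temp folder emptied: 0 bytes
Windows Temp folder emptied: 278199 bytes
Restore point Set: OTL Restore Point
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\Arrow\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2009/10/07 01:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
"""

CLEANED = re.compile(r"^(->)?.+ (?:emptied|removed): (\d+) bytes$")
DEFERRED = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
LISTED = re.compile(r"^\[[^\]]*\] \((.*?)\) (.+?) : ")

def summarize_otl_fix_log(text):
    """Return cleanup totals and the items a helper should still look at."""
    out = {"bytes_by_user": {}, "system_bytes": 0, "restore_point": None,
           "deferred": [], "still_present": {}}
    user = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("User: "):
            user = line[len("User: "):]
            out["bytes_by_user"].setdefault(user, 0)
        elif line.startswith("Restore point Set: "):
            out["restore_point"] = line[len("Restore point Set: "):]
        elif m := CLEANED.match(line):
            if m.group(1) and user:      # "->" lines belong to the current user
                out["bytes_by_user"][user] += int(m.group(2))
            else:                        # unprefixed lines are system-wide
                out["system_bytes"] += int(m.group(2))
        elif m := DEFERRED.match(line):
            out["deferred"].append(m.group(1))
        elif (m := LISTED.match(line)) and m.group(2) in out["deferred"]:
            # Assumption: a dated listing after reboot means the file is still on disk.
            out["still_present"][m.group(2)] = m.group(1)
    out["total_bytes"] = sum(out["bytes_by_user"].values()) + out["system_bytes"]
    return out
```

A `restore_point` of `None` means the log never recorded the fresh restore point the script was meant to create.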
     
  20. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Way to go!!
    Good luck and stay safe :)
     

