Svchost.exe trojan - not removed by Malwarebytes

Solved
By clickbang
Aug 4, 2012
  1. Alright guys, new to the forum because this is the first time I've really had a major virus problem. I currently run TrendMicro Business Security and really don't know how I got this virus. I downloaded a few programs the other day because I was backing up some data and cleaning and reorganizing hard drives (CDBurnerXP, EaseUS Partition Master, 7-Zip, etc.) and I must have picked this up when doing that. I didn't even notice anything wrong until TrendMicro started pinging me with URL violations, which were blocked. I ran a scan and it came up empty. I downloaded Malwarebytes and it found the Trojan but wouldn't remove it, which I found out was common after reading some forums. After running Malwarebytes I restarted my computer; it would boot up but failed with a BSOD after signing into Windows. I downloaded TDSSKiller and ran a sweep; it found a pihar virus, which is pretty nasty from my reading. It cured it, and I was able to restart in normal mode. I ran ComboFix and that's where I'm at currently. I need help to make sure that the computer is completely free of the virus and has no backdoor. I'm just not versed in this type of diagnostics, so I'm guessing you will need the logs from the latest scans. I will provide Malwarebytes, TDSSKiller, and ComboFix in the next few posts. Hope someone can help me out. Thanks in advance.

    Regards,

    Craig
  2. clickbang


    ComboFix 12-08-04.02 - Craig Lick 08/04/2012 17:20:40.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.3685 [GMT -4:00]
    Running from: c:\users\Craig Lick\Desktop\ComboFix.exe
    AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    FW: Trend Micro Personal Firewall *Disabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
    FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
    SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\sysid.ini
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
    c:\users\Craig Lick\AppData\Roaming\2E192A
    c:\users\Craig Lick\Documents\~WRL2493.tmp
    c:\windows\svchost.exe
    c:\windows\SysWow64\test
  3. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-04 21:40 . 2012-08-04 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-04 21:06 . 2012-08-04 21:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-04 14:16 . 2012-08-04 14:16 -------- d-----w- c:\users\Craig Lick\AppData\Roaming\Malwarebytes
    2012-08-04 14:16 . 2012-08-04 14:16 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-04 14:16 . 2012-08-04 14:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-04 14:16 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 06:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55D54081-9AC0-47E8-9896-408A8584A108}\mpengine.dll
    2012-07-25 00:01 . 2012-07-25 00:01 -------- d-----w- c:\programdata\Canneverbe Limited
    2012-07-25 00:01 . 2012-07-25 00:01 -------- d-----w- c:\users\Craig Lick\AppData\Roaming\Canneverbe Limited
    2012-07-25 00:01 . 2012-07-25 00:01 -------- d-----w- c:\program files (x86)\CDBurnerXP
    2012-07-24 22:59 . 2012-07-24 23:09 -------- d-----w- c:\users\Craig Lick\AppData\Roaming\ImgBurn
    2012-07-24 22:57 . 2012-07-24 22:58 -------- d-----w- c:\program files (x86)\ImgBurn
    2012-07-24 01:21 . 2012-07-24 01:22 -------- d-----w- c:\program files\7-Zip
    2012-07-22 15:22 . 2012-07-22 15:22 -------- d-----w- c:\windows\en
    2012-07-22 15:18 . 2012-07-22 15:18 -------- d-----w- c:\program files\Windows Live
    2012-07-22 15:08 . 2012-07-22 15:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cea395081cd681b01\DSETUP.dll
    2012-07-22 15:08 . 2012-07-22 15:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cea395081cd681b01\DXSETUP.exe
    2012-07-22 15:08 . 2012-07-22 15:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cea395081cd681b01\dsetup32.dll
    2012-07-20 00:50 . 2012-05-03 21:52 189576 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
    2012-07-20 00:50 . 2012-05-03 21:51 19592 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2012-07-20 00:50 . 2012-05-03 21:51 58504 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2012-07-20 00:50 . 2012-05-03 21:52 48776 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2012-07-20 00:50 . 2012-05-03 21:52 25224 ----a-w- c:\windows\system32\fbnative.exe
    2012-07-20 00:47 . 2012-05-17 21:36 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe
    2012-07-20 00:47 . 2012-05-15 15:13 3316736 ----a-w- c:\windows\system32\BootMan.exe
    2012-07-20 00:47 . 2011-07-29 17:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2012-07-20 00:47 . 2011-07-29 17:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
    2012-07-20 00:47 . 2011-07-29 17:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
    2012-07-20 00:47 . 2011-07-29 17:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
    2012-07-20 00:47 . 2011-07-29 17:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2012-07-20 00:47 . 2011-07-29 17:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
    2012-07-20 00:47 . 2011-07-29 17:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
    2012-07-20 00:47 . 2011-07-29 17:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
    2012-07-20 00:46 . 2012-07-20 00:49 -------- d-----w- c:\program files (x86)\EaseUS
    2012-07-14 01:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 10:40 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 10:40 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 10:40 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 10:40 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 10:40 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-11 10:40 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-03 05:55 . 2012-04-20 00:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-03 05:55 . 2011-08-14 22:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-14 01:52 . 2010-10-31 00:54 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-11 20:17 . 2010-09-11 13:59 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-07-11 20:17 . 2010-09-11 13:59 34720 ----a-w- c:\windows\system32\LMIport.dll
    2012-07-11 20:17 . 2010-09-11 13:59 80800 ----a-w- c:\windows\system32\LMIinit.dll
    2012-06-21 20:24 . 2011-12-10 14:49 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-06-21 20:24 . 2011-12-10 14:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-06-02 22:19 . 2012-06-21 00:57 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 00:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 00:58 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 00:58 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 00:57 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 00:58 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 00:57 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 00:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 00:57 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 16:25 . 2010-09-10 09:53 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-30 21:41 . 2012-05-30 21:41 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-05-25 23:08 . 2012-05-25 23:08 53248 ----a-r- c:\users\Craig Lick\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-05-25 23:07 . 2011-09-04 16:36 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-05-22 10:03 . 2010-09-11 13:59 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
    2010-07-02 13:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
    .
    [HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 15144328]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
    "TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-11-20 1517520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Popup"="c:\program files (x86)\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2007-12-18 81096]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "PeachtreePrefetcher.exe"="c:\progra~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2009-04-06 23040]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-06-21 296056]
    "EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2012-05-03 71816]
    "EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-05-03 750728]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CtxfiReg"="CTXFIREG.exe" [2010-07-07 47104]
    .
    c:\users\Craig Lick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1416560]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Snagit 9.lnk - c:\program files (x86)\TechSmith\Snagit 9\Snagit32.exe [2008-11-6 7217480]
    Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe [2012-3-29 129536]
    TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
    UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-9-8 29310]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-13 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-01 79360]
    R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-11-13 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-25 1038088]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-07-27 339040]
    R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [2010-07-27 68064]
    R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-07-27 6465632]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-09 1255736]
    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-05-03 58504]
    S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-05-03 48776]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-05-03 19592]
    S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-05-03 189576]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-09 196688]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 515952]
    S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-05-03 70280]
    S2 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-05-03 24712]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 15928]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
    S2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 566192]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]
    S2 Peachtree SmartPosting 2010;Peachtree SmartPosting 2010;c:\program files (x86)\Sage Software\Peachtree\SmartPostingService2010.exe [2009-04-06 38400]
    S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2009-04-07 435496]
    S2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-09-12 144680]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-05 379496]
    S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-02-08 50704]
    S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288]
    S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-09 338000]
    S2 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files (x86)\UGS\UGSLicensing\lmgrd.exe [2009-07-07 1510152]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
    S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
    S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]
    S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-06-26 918064]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 05:55]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786357333-3721308993-2941691671-1000Core.job
    - c:\users\Craig Lick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 02:39]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786357333-3721308993-2941691671-1000UA.job
    - c:\users\Craig Lick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 02:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeScanNT Monitor"="-HideWindow" [X]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
    "LXCICATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCItime.dll" [2006-11-21 31744]
    "lxcimon.exe"="c:\program files (x86)\Lexmark 7300 Series\lxcimon.exe" [2007-05-11 205744]
    "EzPrint"="c:\program files (x86)\Lexmark 7300 Series\ezprint.exe" [2007-05-11 103344]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1712672]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "combofix"="c:\combofix\CF7858.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    DPF: {E2A96175-32D0-4651-B228-B474C2408346} - hxxp://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    AddRemove-Searchqu 102 MediaBar - c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:14,81,cb,e1,0c,6a,5c,0b,5b,cd,ab,4b,89,3f,a5,a2,7a,4d,96,e2,13,
    24,1e,35,ce,6d,36,f0,85,ba,a7,80,11,53,15,6e,de,61,36,a1,eb,e8,a2,f4,7b,ae,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:14,81,cb,e1,0c,6a,5c,0b,5b,cd,ab,4b,89,3f,a5,a2,7a,4d,96,e2,13,
    24,1e,35,ce,6d,36,f0,85,ba,a7,80,11,53,15,6e,de,61,36,a1,eb,e8,a2,f4,7b,ae,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
    c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
    c:\windows\SysWOW64\CTXFISPI.EXE
    c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD20Mail.exe
    c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD30Calendar.exe
    c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD40Task.exe
    c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    c:\program files (x86)\TechSmith\Snagit 9\TSCHelp.exe
    c:\program files (x86)\TechSmith\Snagit 9\SnagPriv.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files (x86)\TechSmith\Snagit 9\snagiteditor.exe
    c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-04 18:42:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-04 22:42
    .
    Pre-Run: 86,384,472,064 bytes free
    Post-Run: 86,714,716,160 bytes free
    .
    - - End Of File - - 9D152D1877C5CBFCCE62B2DA1811E7D6
  4. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    19:11:46.0214 8100 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

    19:11:46.0979 8100 ============================================================

    19:11:46.0979 8100 Current date / time: 2012/08/04 19:11:46.0979

    19:11:46.0979 8100 SystemInfo:

    19:11:46.0979 8100

    19:11:46.0979 8100 OS Version: 6.1.7601 ServicePack: 1.0

    19:11:46.0979 8100 Product type: Workstation

    19:11:46.0979 8100 ComputerName: WORKSTATION

    19:11:46.0979 8100 UserName: Craig Lick

    19:11:46.0979 8100 Windows directory: C:\Windows

    19:11:46.0979 8100 System windows directory: C:\Windows

    19:11:46.0979 8100 Running under WOW64

    19:11:46.0979 8100 Processor architecture: Intel x64

    19:11:46.0979 8100 Number of processors: 2

    19:11:46.0979 8100 Page size: 0x1000

    19:11:46.0979 8100 Boot type: Normal boot

    19:11:46.0979 8100 ============================================================

    19:11:48.0211 8100 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    19:11:48.0211 8100 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    19:11:48.0211 8100 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    19:11:48.0211 8100 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    19:11:48.0227 8100 Drive \Device\Harddisk4\DR4 - Size: 0xEEBF8000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    19:11:48.0227 8100 Drive \Device\Harddisk5\DR5 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    19:11:48.0227 8100 ============================================================

    19:11:48.0227 8100 \Device\Harddisk0\DR0:

    19:11:48.0227 8100 MBR partitions:

    19:11:48.0227 8100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x177000

    19:11:48.0227 8100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19E800, BlocksNum 0x2528F800

    19:11:48.0242 8100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7E, BlocksNum 0x2734B

    19:11:48.0242 8100 \Device\Harddisk1\DR1:

    19:11:48.0242 8100 MBR partitions:

    19:11:48.0242 8100 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800

    19:11:48.0242 8100 \Device\Harddisk2\DR2:

    19:11:48.0242 8100 MBR partitions:

    19:11:48.0242 8100 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800

    19:11:48.0242 8100 \Device\Harddisk3\DR3:

    19:11:48.0242 8100 MBR partitions:

    19:11:48.0242 8100 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800

    19:11:48.0242 8100 \Device\Harddisk4\DR4:

    19:11:48.0242 8100 MBR partitions:

    19:11:48.0242 8100 \Device\Harddisk4\DR4\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x775AC1

    19:11:48.0242 8100 \Device\Harddisk5\DR5:

    19:11:48.0242 8100 MBR partitions:

    19:11:48.0242 8100 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F5000

    19:11:48.0242 8100 ============================================================

    19:11:48.0258 8100 D: <-> \Device\Harddisk2\DR2\Partition0

    19:11:48.0273 8100 C: <-> \Device\Harddisk0\DR0\Partition1

    19:11:48.0320 8100 G: <-> \Device\Harddisk5\DR5\Partition0

    19:11:48.0320 8100 I: <-> \Device\Harddisk1\DR1\Partition0

    19:11:48.0320 8100 H: <-> \Device\Harddisk3\DR3\Partition0

    19:11:48.0320 8100 ============================================================

    19:11:48.0320 8100 Initialize success

    19:11:48.0320 8100 ============================================================

    19:11:54.0248 10212 ============================================================

    19:11:54.0248 10212 Scan started

    19:11:54.0248 10212 Mode: Manual;

    19:11:54.0248 10212 ============================================================

    19:11:56.0058 10212 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

    19:11:56.0073 10212 1394ohci - ok

    19:11:56.0089 10212 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

    19:11:56.0105 10212 ACPI - ok

    19:11:56.0151 10212 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

    19:11:56.0167 10212 AcpiPmi - ok

    19:11:56.0276 10212 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

    19:11:56.0292 10212 adfs - ok

    19:11:56.0463 10212 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

    19:11:56.0479 10212 Adobe Version Cue CS4 - ok

    19:11:56.0635 10212 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    19:11:56.0635 10212 AdobeFlashPlayerUpdateSvc - ok

    19:11:56.0744 10212 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

    19:11:56.0760 10212 adp94xx - ok

    19:11:56.0775 10212 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

    19:11:56.0791 10212 adpahci - ok

    19:11:56.0807 10212 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

    19:11:56.0822 10212 adpu320 - ok

    19:11:56.0838 10212 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

    19:11:56.0838 10212 AeLookupSvc - ok

    19:11:56.0900 10212 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

    19:11:56.0900 10212 AFD - ok

    19:11:56.0947 10212 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

    19:11:56.0963 10212 agp440 - ok

    19:11:56.0994 10212 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

    19:11:57.0009 10212 ALG - ok

    19:11:57.0041 10212 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

    19:11:57.0119 10212 aliide - ok

    19:11:57.0134 10212 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

    19:11:57.0134 10212 amdide - ok

    19:11:57.0150 10212 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

    19:11:57.0165 10212 AmdK8 - ok

    19:11:57.0181 10212 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

    19:11:57.0181 10212 AmdPPM - ok

    19:11:57.0228 10212 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

    19:11:57.0243 10212 amdsata - ok

    19:11:57.0259 10212 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

    19:11:57.0275 10212 amdsbs - ok

    19:11:57.0290 10212 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

    19:11:57.0290 10212 amdxata - ok

    19:11:57.0337 10212 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

    19:11:57.0353 10212 AppID - ok

    19:11:57.0368 10212 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

    19:11:57.0384 10212 AppIDSvc - ok

    19:11:57.0415 10212 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

    19:11:57.0431 10212 Appinfo - ok

    19:11:57.0477 10212 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

    19:11:57.0493 10212 AppMgmt - ok

    19:11:57.0540 10212 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

    19:11:57.0540 10212 arc - ok

    19:11:57.0555 10212 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

    19:11:57.0555 10212 arcsas - ok

    19:11:57.0587 10212 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

    19:11:57.0587 10212 AsyncMac - ok

    19:11:57.0649 10212 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

    19:11:57.0649 10212 atapi - ok

    19:11:57.0711 10212 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    19:11:57.0727 10212 AudioEndpointBuilder - ok

    19:11:57.0727 10212 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    19:11:57.0727 10212 AudioSrv - ok

    19:11:57.0774 10212 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

    19:11:57.0789 10212 AxInstSV - ok

    19:11:57.0852 10212 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

    19:11:57.0867 10212 b06bdrv - ok

    19:11:57.0930 10212 b57nd60a (57cf39f0754e8afe8a7d4470b8c87d3b) C:\Windows\system32\DRIVERS\b57nd60a.sys

    19:11:57.0945 10212 b57nd60a - ok

    19:11:58.0055 10212 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    19:11:58.0070 10212 BBSvc - ok

    19:11:58.0101 10212 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

    19:11:58.0101 10212 BDESVC - ok

    19:11:58.0148 10212 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

    19:11:58.0164 10212 Beep - ok

    19:11:58.0226 10212 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

    19:11:58.0242 10212 BFE - ok

    19:11:58.0304 10212 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

    19:11:58.0320 10212 BITS - ok

    19:11:58.0367 10212 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

    19:11:58.0367 10212 blbdrive - ok

    19:11:58.0413 10212 Blfp (994648a3ffe85a0f858dd6c83b0af45c) C:\Windows\system32\DRIVERS\basp.sys

    19:11:58.0429 10212 Blfp - ok

    19:11:58.0491 10212 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

    19:11:58.0491 10212 bowser - ok

    19:11:58.0538 10212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

    19:11:58.0538 10212 BrFiltLo - ok

    19:11:58.0554 10212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

    19:11:58.0554 10212 BrFiltUp - ok

    19:11:58.0616 10212 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

    19:11:58.0632 10212 BridgeMP - ok

    19:11:58.0679 10212 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

    19:11:58.0679 10212 Browser - ok

    19:11:58.0694 10212 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

    19:11:58.0710 10212 Brserid - ok

    19:11:58.0725 10212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

    19:11:58.0725 10212 BrSerWdm - ok

    19:11:58.0741 10212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

    19:11:58.0757 10212 BrUsbMdm - ok

    19:11:58.0772 10212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

    19:11:58.0772 10212 BrUsbSer - ok

    19:11:58.0803 10212 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

    19:11:58.0819 10212 BTHMODEM - ok

    19:11:58.0850 10212 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

    19:11:58.0866 10212 bthserv - ok

    19:11:58.0897 10212 catchme - ok

    19:11:58.0928 10212 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

    19:11:58.0944 10212 cdfs - ok

    19:11:59.0006 10212 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

    19:11:59.0022 10212 cdrom - ok

    19:11:59.0084 10212 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    19:11:59.0084 10212 CertPropSvc - ok

    19:11:59.0100 10212 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

    19:11:59.0100 10212 circlass - ok

    19:11:59.0162 10212 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

    19:11:59.0162 10212 CLFS - ok

    19:11:59.0209 10212 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    19:11:59.0225 10212 clr_optimization_v2.0.50727_32 - ok

  5. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    19:12:16.0338 10212 PNRPAutoReg - ok
    19:12:16.0494 10212 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    19:12:16.0494 10212 PNRPsvc - ok
    19:12:16.0541 10212 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    19:12:16.0556 10212 PolicyAgent - ok
    19:12:16.0572 10212 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    19:12:16.0572 10212 Power - ok
    19:12:16.0634 10212 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    19:12:16.0650 10212 PptpMiniport - ok
    19:12:16.0665 10212 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    19:12:16.0665 10212 Processor - ok
    19:12:16.0712 10212 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    19:12:16.0728 10212 ProfSvc - ok
    19:12:16.0759 10212 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    19:12:16.0759 10212 ProtectedStorage - ok
    19:12:16.0806 10212 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    19:12:16.0806 10212 Psched - ok
    19:12:16.0931 10212 psqlWGE (5d059e1f56576a9264d2243d0c8dd7fa) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    19:12:16.0931 10212 psqlWGE - ok
    19:12:16.0977 10212 PxHlpa64 (bc08f7f3c53cbee68670ed1314e290fd) C:\Windows\system32\Drivers\PxHlpa64.sys
    19:12:16.0993 10212 PxHlpa64 - ok
    19:12:17.0040 10212 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    19:12:17.0102 10212 ql2300 - ok
    19:12:17.0180 10212 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    19:12:17.0180 10212 ql40xx - ok
    19:12:17.0227 10212 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    19:12:17.0227 10212 QWAVE - ok
    19:12:17.0243 10212 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    19:12:17.0258 10212 QWAVEdrv - ok
    19:12:17.0258 10212 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    19:12:17.0274 10212 RasAcd - ok
    19:12:17.0305 10212 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    19:12:17.0321 10212 RasAgileVpn - ok
    19:12:17.0336 10212 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    19:12:17.0336 10212 RasAuto - ok
    19:12:17.0383 10212 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:12:17.0399 10212 Rasl2tp - ok
    19:12:17.0430 10212 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    19:12:17.0445 10212 RasMan - ok
    19:12:17.0461 10212 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    19:12:17.0477 10212 RasPppoe - ok
    19:12:17.0492 10212 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    19:12:17.0492 10212 RasSstp - ok
    19:12:17.0539 10212 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    19:12:17.0570 10212 rdbss - ok
    19:12:17.0570 10212 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    19:12:17.0586 10212 rdpbus - ok
    19:12:17.0601 10212 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:12:17.0601 10212 RDPCDD - ok
    19:12:17.0648 10212 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    19:12:17.0664 10212 RDPDR - ok
    19:12:17.0679 10212 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    19:12:17.0679 10212 RDPENCDD - ok
    19:12:17.0679 10212 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    19:12:17.0679 10212 RDPREFMP - ok
    19:12:17.0711 10212 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    19:12:17.0726 10212 RDPWD - ok
    19:12:17.0757 10212 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    19:12:17.0773 10212 rdyboost - ok
    19:12:17.0898 10212 Remote Solver for Flow Simulation 2010 (560c24ca8c65af16adff91f37e358959) C:\Program Files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
    19:12:17.0898 10212 Remote Solver for Flow Simulation 2010 - ok
    19:12:17.0913 10212 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    19:12:17.0929 10212 RemoteAccess - ok
    19:12:17.0945 10212 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    19:12:17.0960 10212 RemoteRegistry - ok
    19:12:17.0976 10212 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    19:12:17.0976 10212 RpcEptMapper - ok
    19:12:17.0991 10212 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    19:12:18.0007 10212 RpcLocator - ok
    19:12:18.0054 10212 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    19:12:18.0069 10212 RpcSs - ok
    19:12:18.0101 10212 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    19:12:18.0116 10212 rspndr - ok
    19:12:18.0147 10212 RT2500 - ok
    19:12:18.0194 10212 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    19:12:18.0194 10212 s3cap - ok
    19:12:18.0241 10212 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    19:12:18.0241 10212 SamSs - ok
    19:12:18.0257 10212 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    19:12:18.0272 10212 sbp2port - ok
    19:12:18.0288 10212 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    19:12:18.0537 10212 SCardSvr - ok
    19:12:18.0569 10212 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    19:12:18.0584 10212 scfilter - ok
    19:12:18.0662 10212 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    19:12:18.0662 10212 Schedule - ok
    19:12:18.0725 10212 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    19:12:18.0725 10212 SCPolicySvc - ok
    19:12:18.0725 10212 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    19:12:18.0740 10212 SDRSVC - ok
    19:12:18.0849 10212 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    19:12:18.0865 10212 SeaPort - ok
    19:12:18.0912 10212 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    19:12:18.0912 10212 secdrv - ok
    19:12:18.0959 10212 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    19:12:19.0083 10212 seclogon - ok
    19:12:19.0193 10212 SecureStorageService (38a40e111abdf0862b72bb37a8bd5e62) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    19:12:19.0239 10212 SecureStorageService - ok
    19:12:19.0364 10212 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    19:12:19.0364 10212 SENS - ok
    19:12:19.0380 10212 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    19:12:19.0380 10212 SensrSvc - ok
    19:12:19.0442 10212 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    19:12:19.0442 10212 Serenum - ok
    19:12:19.0473 10212 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    19:12:19.0489 10212 Serial - ok
    19:12:19.0520 10212 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    19:12:19.0536 10212 sermouse - ok
    19:12:19.0583 10212 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    19:12:19.0583 10212 SessionEnv - ok
    19:12:19.0629 10212 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    19:12:19.0629 10212 sffdisk - ok
    19:12:19.0645 10212 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    19:12:19.0770 10212 sffp_mmc - ok
    19:12:19.0770 10212 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    19:12:19.0785 10212 sffp_sd - ok
    19:12:19.0801 10212 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    19:12:19.0801 10212 sfloppy - ok
    19:12:19.0863 10212 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    19:12:19.0895 10212 SharedAccess - ok
    19:12:19.0957 10212 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    19:12:19.0957 10212 ShellHWDetection - ok
    19:12:19.0988 10212 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    19:12:19.0988 10212 SiSRaid2 - ok
    19:12:20.0004 10212 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    19:12:20.0019 10212 SiSRaid4 - ok
    19:12:20.0019 10212 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    19:12:20.0035 10212 Smb - ok
    19:12:20.0051 10212 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    19:12:20.0051 10212 SNMPTRAP - ok
    19:12:20.0191 10212 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    19:12:20.0222 10212 SolidWorks Licensing Service - ok
    19:12:20.0253 10212 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    19:12:20.0269 10212 spldr - ok
    19:12:20.0331 10212 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    19:12:20.0331 10212 Spooler - ok
    19:12:20.0565 10212 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    19:12:20.0597 10212 sppsvc - ok
    19:12:20.0659 10212 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    19:12:20.0784 10212 sppuinotify - ok
    19:12:20.0846 10212 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    19:12:20.0862 10212 srv - ok
    19:12:20.0877 10212 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    19:12:20.0909 10212 srv2 - ok
    19:12:20.0924 10212 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    19:12:20.0924 10212 srvnet - ok
    19:12:20.0971 10212 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    19:12:20.0971 10212 SSDPSRV - ok
    19:12:20.0971 10212 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    19:12:20.0987 10212 SstpSvc - ok
    19:12:21.0111 10212 Stereo Service (6c2de72ff854ebf628a27e115048f846) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    19:12:21.0111 10212 Stereo Service - ok
    19:12:21.0143 10212 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    19:12:21.0143 10212 stexstor - ok
    19:12:21.0221 10212 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    19:12:21.0236 10212 stisvc - ok
    19:12:21.0299 10212 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    19:12:21.0314 10212 stllssvr - ok
    19:12:21.0361 10212 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    19:12:21.0361 10212 storflt - ok
    19:12:21.0377 10212 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    19:12:21.0392 10212 StorSvc - ok
    19:12:21.0408 10212 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    19:12:21.0408 10212 storvsc - ok
    19:12:21.0501 10212 svcGenericHost (15323ae5d254aa1d389522166e6f4244) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
    19:12:21.0501 10212 svcGenericHost - ok
    19:12:21.0517 10212 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    19:12:21.0533 10212 swenum - ok
    19:12:21.0642 10212 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    19:12:21.0673 10212 SwitchBoard - ok
    19:12:21.0720 10212 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    19:12:21.0735 10212 swprv - ok
    19:12:21.0829 10212 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    19:12:21.0845 10212 SysMain - ok
    19:12:21.0923 10212 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    19:12:21.0938 10212 TabletInputService - ok
    19:12:21.0969 10212 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    19:12:21.0985 10212 TapiSrv - ok
    19:12:21.0985 10212 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    19:12:22.0001 10212 TBS - ok
    19:12:22.0110 10212 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    19:12:22.0125 10212 Tcpip - ok
    19:12:22.0235 10212 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    19:12:22.0250 10212 TCPIP6 - ok
    19:12:22.0313 10212 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    19:12:22.0453 10212 tcpipreg - ok
    19:12:22.0562 10212 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    19:12:22.0609 10212 tcsd_win32.exe - ok
    19:12:22.0734 10212 TdmService (8c6740f641a1c3d56a1a396aeb0158e7) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    19:12:22.0765 10212 TdmService - ok
    19:12:22.0827 10212 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    19:12:22.0843 10212 TDPIPE - ok
    19:12:22.0874 10212 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    19:12:22.0890 10212 TDTCP - ok
    19:12:22.0937 10212 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    19:12:22.0937 10212 tdx - ok
    19:12:22.0983 10212 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    19:12:22.0983 10212 TermDD - ok
    19:12:23.0015 10212 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    19:12:23.0030 10212 TermService - ok
    19:12:23.0046 10212 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    19:12:23.0046 10212 Themes - ok
    19:12:23.0077 10212 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    19:12:23.0077 10212 THREADORDER - ok
    19:12:23.0139 10212 TMBMServer (963c903e5176c5cdcae321d48635b21f) c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
    19:12:23.0155 10212 TMBMServer - ok
    19:12:23.0217 10212 TmFilter (8b97ba7e28bd39a2bc4a2bb66a83fec0) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
    19:12:23.0233 10212 TmFilter - ok
    19:12:23.0311 10212 tmlisten (e5f23152b394fdebc53b07e2b2e64c62) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
    19:12:23.0327 10212 tmlisten - ok
    19:12:23.0451 10212 tmlwf (b5c00fc8786a237937c33aabee68ca26) C:\Windows\system32\DRIVERS\tmlwf.sys
    19:12:23.0451 10212 tmlwf - ok
    19:12:23.0529 10212 TmPfw (48d09383511757645c0a828622ef5ab3) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
    19:12:23.0545 10212 TmPfw - ok
    19:12:23.0576 10212 TmPreFilter (1889f49a828b1cf0e2866cdd325875b0) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
    19:12:23.0592 10212 TmPreFilter - ok
    19:12:23.0623 10212 TmProxy (6b322de56d58daf1daba4740dea86925) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
    19:12:23.0639 10212 TmProxy - ok
    19:12:23.0748 10212 tmtdi (a42e6780c52b248af54c6010a9a93384) C:\Windows\system32\DRIVERS\tmtdi.sys
    19:12:23.0763 10212 tmtdi - ok
    19:12:23.0810 10212 tmwfp (5d38c32a4b093bc8190cf3fb9078c9cd) C:\Windows\system32\DRIVERS\tmwfp.sys
    19:12:23.0826 10212 tmwfp - ok
    19:12:23.0841 10212 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    19:12:23.0857 10212 TrkWks - ok
    19:12:23.0904 10212 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
    19:12:23.0919 10212 truecrypt - ok
    19:12:23.0966 10212 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    19:12:23.0966 10212 TrustedInstaller - ok
    19:12:24.0013 10212 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:12:24.0013 10212 tssecsrv - ok
    19:12:24.0075 10212 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    19:12:24.0091 10212 TsUsbFlt - ok
    19:12:24.0138 10212 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    19:12:24.0153 10212 tunnel - ok
    19:12:24.0185 10212 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    19:12:24.0200 10212 uagp35 - ok
    19:12:24.0216 10212 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    19:12:24.0231 10212 udfs - ok
    19:12:24.0387 10212 UGS License Server (ugslmd) (a3a5dcf65b4ac8d98c7e2dd9b58b37a3) C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe
    19:12:24.0403 10212 UGS License Server (ugslmd) - ok
    19:12:24.0481 10212 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    19:12:24.0481 10212 UI0Detect - ok
    19:12:24.0559 10212 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    19:12:24.0575 10212 uliagpkx - ok
    19:12:24.0668 10212 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
    19:12:24.0668 10212 UltraMonUtility - ok
    19:12:24.0715 10212 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    19:12:24.0731 10212 umbus - ok
    19:12:24.0777 10212 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    19:12:24.0777 10212 UmPass - ok
    19:12:24.0824 10212 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    19:12:24.0840 10212 UmRdpService - ok
    19:12:24.0855 10212 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    19:12:24.0871 10212 upnphost - ok
    19:12:24.0933 10212 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    19:12:24.0949 10212 usbaudio - ok
    19:12:24.0949 10212 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    19:12:24.0965 10212 usbccgp - ok
    19:12:24.0996 10212 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    19:12:25.0011 10212 usbcir - ok
    19:12:25.0058 10212 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    19:12:25.0058 10212 usbehci - ok
    19:12:25.0105 10212 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    19:12:25.0121 10212 usbhub - ok
    19:12:25.0136 10212 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    19:12:25.0152 10212 usbohci - ok
    19:12:25.0167 10212 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    19:12:25.0183 10212 usbprint - ok
    19:12:25.0214 10212 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    19:12:25.0230 10212 usbscan - ok
    19:12:25.0245 10212 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:12:25.0245 10212 USBSTOR - ok
    19:12:25.0277 10212 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    19:12:25.0292 10212 usbuhci - ok
    19:12:25.0355 10212 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    19:12:25.0464 10212 usbvideo - ok
    19:12:25.0479 10212 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    19:12:25.0495 10212 UxSms - ok
    19:12:25.0526 10212 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    19:12:25.0526 10212 VaultSvc - ok
    19:12:25.0589 10212 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
    19:12:25.0589 10212 VClone - ok
    19:12:25.0604 10212 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    19:12:25.0604 10212 vdrvroot - ok
    19:12:25.0667 10212 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    19:12:25.0682 10212 vds - ok
    19:12:25.0729 10212 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    19:12:25.0729 10212 vga - ok
    19:12:25.0745 10212 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    19:12:25.0760 10212 VgaSave - ok
    19:12:25.0807 10212 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    19:12:25.0823 10212 vhdmp - ok
    19:12:25.0838 10212 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    19:12:25.0838 10212 viaide - ok
    19:12:25.0869 10212 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    19:12:25.0869 10212 vmbus - ok
    19:12:25.0901 10212 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    19:12:25.0901 10212 VMBusHID - ok
    19:12:25.0916 10212 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    19:12:25.0932 10212 volmgr - ok
    19:12:25.0979 10212 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    19:12:25.0994 10212 volmgrx - ok
    19:12:26.0010 10212 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    19:12:26.0025 10212 volsnap - ok
    19:12:26.0150 10212 VSApiNt (3a5862d9a4fe4bbb2ffa1700e2b21b9b) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
    19:12:26.0213 10212 VSApiNt - ok
    19:12:26.0337 10212 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    19:12:26.0353 10212 vsmraid - ok
    19:12:26.0447 10212 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    19:12:26.0493 10212 VSS - ok
    19:12:26.0727 10212 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    19:12:26.0743 10212 vwifibus - ok
    19:12:26.0774 10212 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    19:12:26.0790 10212 vwififlt - ok
    19:12:26.0837 10212 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    19:12:26.0852 10212 W32Time - ok
    19:12:26.0868 10212 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    19:12:26.0977 10212 WacomPen - ok
    19:12:27.0055 10212 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    19:12:27.0055 10212 WANARP - ok
    19:12:27.0055 10212 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    19:12:27.0071 10212 Wanarpv6 - ok
    19:12:27.0164 10212 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    19:12:27.0211 10212 WatAdminSvc - ok
    19:12:27.0289 10212 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    19:12:27.0336 10212 wbengine - ok
    19:12:27.0414 10212 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    19:12:27.0429 10212 WbioSrvc - ok
    19:12:27.0476 10212 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    19:12:27.0492 10212 wcncsvc - ok
    19:12:27.0507 10212 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    19:12:27.0523 10212 WcsPlugInService - ok
    19:12:27.0554 10212 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    19:12:27.0570 10212 Wd - ok
    19:12:27.0601 10212 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    19:12:27.0617 10212 WDC_SAM - ok
    19:12:27.0648 10212 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    19:12:27.0663 10212 Wdf01000 - ok
    19:12:27.0679 10212 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    19:12:27.0679 10212 WdiServiceHost - ok
    19:12:27.0695 10212 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    19:12:27.0695 10212 WdiSystemHost - ok
    19:12:27.0741 10212 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    19:12:27.0757 10212 WebClient - ok
    19:12:27.0773 10212 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    19:12:27.0788 10212 Wecsvc - ok
    19:12:27.0788 10212 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    19:12:27.0788 10212 wercplsupport - ok
    19:12:27.0835 10212 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    19:12:27.0835 10212 WerSvc - ok
    19:12:27.0897 10212 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    19:12:27.0913 10212 WfpLwf - ok
    19:12:27.0929 10212 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    19:12:28.0038 10212 WIMMount - ok
    19:12:28.0053 10212 WinDefend - ok
    19:12:28.0053 10212 WinHttpAutoProxySvc - ok
    19:12:28.0085 10212 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    19:12:28.0100 10212 Winmgmt - ok
    19:12:28.0209 10212 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    19:12:28.0272 10212 WinRM - ok
    19:12:28.0397 10212 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    19:12:28.0412 10212 WinUsb - ok
    19:12:28.0459 10212 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    19:12:28.0475 10212 Wlansvc - ok
    19:12:28.0740 10212 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:12:28.0755 10212 wlidsvc - ok
    19:12:28.0849 10212 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    19:12:28.0865 10212 WmiAcpi - ok
    19:12:28.0911 10212 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    19:12:28.0927 10212 wmiApSrv - ok
    19:12:28.0943 10212 WMPNetworkSvc - ok
    19:12:28.0958 10212 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    19:12:28.0958 10212 WPCSvc - ok
    19:12:29.0005 10212 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    19:12:29.0021 10212 WPDBusEnum - ok
    19:12:29.0036 10212 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    19:12:29.0036 10212 ws2ifsl - ok
    19:12:29.0052 10212 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    19:12:29.0067 10212 wscsvc - ok
    19:12:29.0067 10212 WSearch - ok
    19:12:29.0177 10212 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    19:12:29.0223 10212 wuauserv - ok
    19:12:29.0333 10212 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    19:12:29.0333 10212 WudfPf - ok
    19:12:29.0364 10212 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:12:29.0364 10212 WUDFRd - ok
    19:12:29.0411 10212 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    19:12:29.0411 10212 wudfsvc - ok
    19:12:29.0442 10212 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    19:12:29.0457 10212 WwanSvc - ok
    19:12:29.0473 10212 MBR (0x1B8) (1f998be06dc960ce70b919fff503e98c) \Device\Harddisk0\DR0
    19:12:29.0613 10212 \Device\Harddisk0\DR0 - ok
    19:12:29.0613 10212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    19:12:29.0613 10212 \Device\Harddisk1\DR1 - ok
    19:12:29.0629 10212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
    19:12:29.0629 10212 \Device\Harddisk2\DR2 - ok
    19:12:29.0629 10212 MBR (0x1B8) (1f998be06dc960ce70b919fff503e98c) \Device\Harddisk3\DR3
    19:12:29.0645 10212 \Device\Harddisk3\DR3 - ok
    19:12:29.0645 10212 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk4\DR4
    19:12:29.0645 10212 \Device\Harddisk4\DR4 - ok
    19:12:29.0645 10212 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
    19:12:29.0660 10212 \Device\Harddisk5\DR5 - ok
    19:12:29.0660 10212 Boot (0x1200) (81d8f879b03f004ea82a2a264bca4df6) \Device\Harddisk0\DR0\Partition0
    19:12:29.0660 10212 \Device\Harddisk0\DR0\Partition0 - ok
    19:12:29.0676 10212 Boot (0x1200) (7f46445cd995c4556fe622e7083492dc) \Device\Harddisk0\DR0\Partition1
    19:12:29.0676 10212 \Device\Harddisk0\DR0\Partition1 - ok
    19:12:29.0676 10212 Boot (0x1200) (789122ba4a470f93790d2635baefc9ae) \Device\Harddisk0\DR0\Partition2
    19:12:29.0676 10212 \Device\Harddisk0\DR0\Partition2 - ok
    19:12:29.0676 10212 Boot (0x1200) (461f92c1e5d8c838e46381b2fa83efee) \Device\Harddisk1\DR1\Partition0
    19:12:29.0676 10212 \Device\Harddisk1\DR1\Partition0 - ok
    19:12:29.0691 10212 Boot (0x1200) (e78b5dde4e43f8792971e79e80cb2e5e) \Device\Harddisk2\DR2\Partition0
    19:12:29.0691 10212 \Device\Harddisk2\DR2\Partition0 - ok
    19:12:29.0691 10212 Boot (0x1200) (4ca4f3847d57afb3ddb6bc40fff7473e) \Device\Harddisk3\DR3\Partition0
    19:12:29.0691 10212 \Device\Harddisk3\DR3\Partition0 - ok
    19:12:29.0691 10212 Boot (0x1200) (73cb22d638daed12451560d3d8e9d8bb) \Device\Harddisk4\DR4\Partition0
    19:12:29.0691 10212 \Device\Harddisk4\DR4\Partition0 - ok
    19:12:29.0691 10212 Boot (0x1200) (b51c92afed20b2823239673d838f8421) \Device\Harddisk5\DR5\Partition0
    19:12:29.0707 10212 \Device\Harddisk5\DR5\Partition0 - ok
    19:12:29.0707 10212 ============================================================
    19:12:29.0707 10212 Scan finished
    19:12:29.0707 10212 ============================================================
    19:12:29.0707 8892 Detected object count: 0
    19:12:29.0707 8892 Actual detected object count: 0
  6. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.04.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Craig Lick :: WORKSTATION [administrator]
    Protection: Enabled
    8/4/2012 7:21:06 PM
    mbam-log-2012-08-04 (19-21-06).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209411
    Time elapsed: 8 minute(s), 35 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  7. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    Next time please read forum rules first.
    You shouldn't be running Combofix on your own.

    ===========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =======================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  8. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    Broni,

    Thanks for the quick reply. I was just in a hurry to fix the problem, hence running combofix. Since I first posted there are several other things going on with the computer so I know the problem isn't resolved. I can't open my NX software, it's giving me a license error. And now each time I try to go to a secured website it notifies me that the browser can't. I hope we can get this resolved, if not I'm willing to do a clean install as I've backed up my documents, just hope the virus wasn't copied as well. Anyhow, here is the log for Malwarebytes:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.04.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Craig Lick :: WORKSTATION [administrator]
    Protection: Disabled
    8/4/2012 10:39:54 PM
    mbam-log-2012-08-04 (22-39-54).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209602
    Time elapsed: 2 minute(s), 31 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  9. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    I'm not familiar with NX software.
    Can you reinstall it?

    Which browser and what is the exact message?
    Did you try different browser?

    Go on with other scans...
  10. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    NX software is a 3D graphics design program that I use for my business. I can re-install it if necessary with no problems. For the browser I'm just using IE. The message says the following, "You are about to leave a secure internet connection. It will be possible for others to view information you send. Do you want to continue?" I tried Chrome and it seemed to work. When replying to this thread IE stopped responding. I'm now using Chrome until this is resolved.
  11. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    Here are the scan results from RogueKiller. One note, the software wanted to update but IE wouldn't let it work, not sure if this is a problem or not. It found six "problems". Do I need to delete all of these items?

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Craig Lick [Admin rights]
    Mode: Scan -- Date: 08/04/2012 22:50:26

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 6 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\WLXPGSS.SCR) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ATA ST3320418AS SCSI Disk Device +++++
    --- User ---
    [MBR] b4fa45de11e91f06005f6041ab1e0d7d
    [BSP] ebd599fa971d805f72cba0df6f7627a9 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 750 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1697792 | Size: 304415 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: ATA ST3320418AS SCSI Disk Device +++++
    --- User ---
    [MBR] 33256fafe1e96adce053ce2c6eb49550
    [BSP] 7828dd0b56add9dfb3b319ff6ef206cb : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: ATA WDC WD3200AAKS-7 SCSI Disk Device +++++
    --- User ---
    [MBR] f0ca913fb2347fe63a3d2bb8e9cd8d1d
    [BSP] d62cf4190bfd39ae4bc92f1f534480be : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: ATA ST3500630AS SCSI Disk Device +++++
    --- User ---
    [MBR] 046e251740f2950cd11cf7dd16f88e65
    [BSP] aff1d42a08ed6163adfb3e5baa3cb6bc : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  12. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    aswMBR didn't finish running. It came up with an error "avast! Antirootkit has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." I will close the problem and try to re-run.

    Update: program will not run, same error present.
  13. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Please do.

    This is standard IE warning. See here what to do about it: http://forums.techguy.org/general-security/975873-solved-security-alert-when-starting.html

    See if aswMBR will run from safe mode.
  14. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    aswMBR will not run in safe mode. For the IE warning, I've never seen this since the 1st few times I've used the computer and I selected "don't show this message again". It's new since the virus.
  15. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Some of the tools you ran must have reset IE settings.
    Most likely Combofix.

    So far all looks clean.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    OTL logfile created on: 8/4/2012 11:56:06 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Craig Lick\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 83.23% Memory free
    11.99 Gb Paging File | 11.10 Gb Available in Paging File | 92.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.28 Gb Total Space | 80.28 Gb Free Space | 27.01% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive H: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
    Drive I: | 298.09 Gb Total Space | 196.96 Gb Free Space | 66.08% Space Free | Partition Type: NTFS

    Computer Name: WORKSTATION | User Name: Craig Lick | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/04 23:53:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig Lick\Desktop\OTL.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2010/11/25 13:20:40 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2010/03/29 14:00:58 | 002,363,240 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2010/02/08 17:26:50 | 000,515,952 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV:64bit: - [2010/02/03 18:53:54 | 001,558,016 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2009/10/27 09:49:32 | 006,807,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/02/01 22:14:04 | 000,566,192 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxcicoms.exe -- (lxci_device)
    SRV - [2012/08/03 01:55:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/11 16:18:01 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2012/07/11 16:17:40 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/26 07:51:34 | 000,918,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
    SRV - [2012/05/07 03:17:58 | 001,853,072 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe -- (ntrtscan)
    SRV - [2012/05/03 17:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Stopped] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
    SRV - [2012/05/03 17:52:10 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Stopped] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
    SRV - [2012/02/07 23:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
    SRV - [2011/12/08 20:29:58 | 002,064,992 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
    SRV - [2011/11/13 09:22:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
    SRV - [2011/11/13 09:17:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2011/08/05 18:51:58 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/11/25 22:19:15 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2010/11/25 16:17:34 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/09/01 14:05:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/07/21 15:48:20 | 000,596,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe -- (TmPfw)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009/10/15 07:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV - [2009/09/11 20:46:46 | 000,144,680 | ---- | M] (Mentor Graphics Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
    SRV - [2009/07/07 01:16:28 | 001,510,152 | ---- | M] (Acresso Software Inc.) [Auto | Stopped] -- C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe -- (UGS License Server (ugslmd)
    SRV - [2009/07/06 15:16:50 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
    SRV - [2009/04/06 19:23:52 | 000,038,400 | R--- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sage Software\Peachtree\SmartPostingService2010.exe -- (Peachtree SmartPosting 2010)
    SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2008/07/14 11:28:26 | 000,446,464 | ---- | M] () [Auto | Stopped] -- c:\Program Files (x86)\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe -- (MegaMonitorSrv)
    SRV - [2008/05/26 17:33:54 | 000,056,952 | R--- | M] () [Auto | Stopped] -- c:\Program Files (x86)\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe -- (MSMFramework)
    SRV - [2007/02/01 22:13:46 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxcicoms.exe -- (lxci_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/11 16:17:41 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/05/03 17:52:02 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
    DRV:64bit: - [2012/05/03 17:52:00 | 000,048,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
    DRV:64bit: - [2012/05/03 17:51:54 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
    DRV:64bit: - [2012/05/03 17:51:52 | 000,058,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/20 11:55:58 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2011/03/28 11:16:08 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/08 20:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
    DRV:64bit: - [2010/11/08 20:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
    DRV:64bit: - [2010/07/27 08:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2010/07/27 08:12:50 | 000,068,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvsels64.sys -- (lvsels64)
    DRV:64bit: - [2010/07/27 08:12:16 | 000,339,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
    DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2010/02/10 13:37:06 | 000,103,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
    DRV:64bit: - [2010/02/09 09:06:54 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2010/01/27 12:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2010/01/27 12:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
    DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2008/06/04 15:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2011/07/12 11:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
    DRV - [2011/07/12 11:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
    DRV - [2011/07/12 11:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
    DRV - [2010/01/27 12:22:02 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7DB024C7-5057-43C7-B34D-9F8349154933}
    IE:64bit: - HKLM\..\SearchScopes\{7DB024C7-5057-43C7-B34D-9F8349154933}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0D3BB31C-CEB2-487B-89B0-3E86731AE43F}
    IE - HKLM\..\SearchScopes\{0D3BB31C-CEB2-487B-89B0-3E86731AE43F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\SearchScopes,DefaultScope = {B67C90FE-6551-4749-A3A5-002258A1FADD}
    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\SearchScopes\{B67C90FE-6551-4749-A3A5-002258A1FADD}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Craig Lick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Craig Lick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Craig Lick\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Craig Lick\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/18 12:28:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi [2012/03/22 20:39:41 | 000,102,423 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/07/22 11:14:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/21 16:25:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\FirefoxExtension [2012/07/09 00:42:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/18 12:28:04 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Craig Lick\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Craig Lick\AppData\Local\Google\Chrome\Application\21.0.1180.60\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Craig Lick\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Craig Lick\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AT_Porsche = C:\Users\Craig Lick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Craig Lick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: FBPHOTOZOOM = C:\Users\Craig Lick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.0_0\
    CHR - Extension: FBPHOTOZOOM = C:\Users\Craig Lick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0\
  17. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    O1 HOSTS File: ([2012/08/04 17:47:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg32.dll (Trend Micro Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4:64bit: - HKLM..\Run: [LXCICATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCItime.DLL (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [lxcimon.exe] C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found
    O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
    O4 - HKLM..\Run: [Popup] c:\Program Files (x86)\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe (LSI Logic)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class)
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.3.cab (AlternaTIFF ActiveX)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://notes.paulstra.com/dwa7W.cab (Domino Web Access 7 Control)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab (DacomDownload Control)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B0AB6B-1BC2-4A92-95D6-BAC7A36A1A60}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg32.dll (Trend Micro Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/04 23:53:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Craig Lick\Desktop\OTL.exe
    [2012/08/04 23:06:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Craig Lick\Desktop\aswMBR.exe
    [2012/08/04 22:47:53 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\Desktop\RK_Quarantine
    [2012/08/04 17:48:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/04 17:17:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/04 17:17:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/04 17:17:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/04 17:17:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/04 17:17:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/04 17:16:34 | 004,724,408 | R--- | C] (Swearware) -- C:\Users\Craig Lick\Desktop\ComboFix.exe
    [2012/08/04 17:14:09 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{1492EEF5-F8B4-421A-B4E3-3E0E89096A2C}
    [2012/08/04 17:13:42 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{915EE8F1-DB9F-496C-B02C-A8C9B22666D3}
    [2012/08/04 17:06:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/04 17:04:54 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Craig Lick\Desktop\tdsskiller.exe
    [2012/08/04 15:40:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/08/04 10:16:36 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Roaming\Malwarebytes
    [2012/08/04 10:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/04 10:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/04 10:16:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/04 10:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/02 09:24:37 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Roaming\Mozilla
    [2012/07/29 20:03:40 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{F9E4C32F-6900-43E6-A651-9D764A5F79FD}
    [2012/07/29 20:02:13 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{F7E10762-774F-412C-9F08-33BA31AD8084}
    [2012/07/27 17:45:05 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{80DE7D8C-E9A8-4041-8927-BA701821513C}
    [2012/07/26 20:41:36 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{6089B0E6-891E-4227-B8EC-0767D699ED0E}
    [2012/07/26 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{B17127F8-04E5-4FEE-B75F-DB65F27F5B52}
    [2012/07/24 20:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
    [2012/07/24 20:01:51 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Roaming\Canneverbe Limited
    [2012/07/24 20:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
    [2012/07/24 18:59:18 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Roaming\ImgBurn
    [2012/07/24 18:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2012/07/24 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2012/07/23 21:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012/07/23 21:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2012/07/23 11:40:49 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{2C8E507A-60B7-42AF-8040-42EA83A5F6C5}
    [2012/07/23 11:40:36 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{C2C0DB12-2F1D-44A1-9ADF-95F863430BAE}
    [2012/07/22 23:39:27 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{B72978D7-103E-44C0-8F93-69A2827A9C13}
    [2012/07/22 23:39:12 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{86775580-1019-4164-8BF6-AA24A113BE6E}
    [2012/07/22 11:35:57 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{A5632192-C498-4CDA-960C-09F48CEE6ED8}
    [2012/07/22 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{5501BD3A-6BE1-491E-B6F8-484DC8D13DBF}
    [2012/07/22 11:22:19 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/07/22 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2012/07/22 10:30:11 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{4320ECC2-B703-47C3-869C-EB4CC8639EDA}
    [2012/07/22 10:29:54 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{C93DA15F-69C5-4C30-9094-0EBCEAA15BF7}
    [2012/07/21 23:24:07 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{782ED842-4BF1-4ED8-ABF9-FC03D8D6EF1F}
    [2012/07/21 23:23:00 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{1EA39352-69E4-43CF-A8F8-9B3E446B2272}
    [2012/07/21 18:36:24 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{F39850E5-8E61-4DB4-93B4-B19436B140F6}
    [2012/07/21 18:34:39 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{54FA2494-B674-4423-9F29-A48C3A2419AB}
    [2012/07/21 17:49:58 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{EF7A2456-9118-42BE-8514-BD0766BE4ED7}
    [2012/07/21 17:48:14 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{52D4F05B-F3D3-46F9-A79B-858A13B0058C}
    [2012/07/19 20:50:46 | 000,189,576 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\EuFdDisk.sys
    [2012/07/19 20:50:46 | 000,019,592 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eudskacs.sys
    [2012/07/19 20:50:44 | 000,058,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eubakup.sys
    [2012/07/19 20:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 4.5
    [2012/07/19 20:50:07 | 000,025,224 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\fbnative.exe
    [2012/07/19 20:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.1.1 Home Edition
    [2012/07/19 20:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
    [2012/07/19 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{D3199503-EDF2-4EE2-A852-14B7BC94FD9A}
    [2012/07/19 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{6B6497B6-654D-43CD-B52A-03FD297621EE}
    [2012/07/19 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{360C49E0-40F3-46DD-921C-E9DB7FD6F79E}
    [2012/07/15 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{B2017FDA-46B0-4C6E-85DC-817733D01F72}
    [2012/07/15 21:07:26 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{9C415194-6ABB-4A75-A485-AFAD813CFBCF}
    [2012/07/15 21:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent

    ========== Files - Modified Within 30 Days ==========

    [2012/08/04 23:53:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig Lick\Desktop\OTL.exe
    [2012/08/04 23:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/04 23:40:42 | 534,966,271 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/04 23:39:10 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000024-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/08/04 23:39:10 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000024-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/08/04 23:39:10 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000024-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/08/04 23:24:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3786357333-3721308993-2941691671-1000UA.job
    [2012/08/04 23:07:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Craig Lick\Desktop\aswMBR.exe
    [2012/08/04 22:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/04 22:47:53 | 001,552,384 | ---- | M] () -- C:\Users\Craig Lick\Desktop\RogueKiller.exe
    [2012/08/04 22:03:54 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/04 22:03:54 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/04 17:52:19 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
    [2012/08/04 17:47:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/04 17:16:51 | 004,724,408 | R--- | M] (Swearware) -- C:\Users\Craig Lick\Desktop\ComboFix.exe
    [2012/08/04 17:04:54 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Craig Lick\Desktop\tdsskiller.exe
    [2012/08/04 16:38:38 | 519,018,446 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/04 13:24:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3786357333-3721308993-2941691671-1000Core.job
    [2012/08/04 10:16:26 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/29 20:05:08 | 000,870,128 | ---- | M] () -- C:\Users\Craig Lick\AppData\Roaming\mcs.rma
    [2012/07/29 15:40:55 | 000,600,239 | ---- | M] () -- C:\Users\Craig Lick\Desktop\Help.x_t
    [2012/07/29 00:48:16 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
    [2012/07/29 00:48:16 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/26 20:50:17 | 000,001,830 | -H-- | M] () -- C:\Windows\EPMBatch.ept
    [2012/07/24 20:01:23 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
    [2012/07/24 18:58:00 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2012/07/23 07:04:40 | 000,986,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/23 07:04:40 | 000,816,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/23 07:04:40 | 000,168,488 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/22 22:11:25 | 001,835,008 | ---- | M] () -- C:\Users\Craig Lick\Documents\TrueCrypt Rescue Disk.iso
    [2012/07/22 11:14:49 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/07/19 20:50:42 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Todo Backup Free 4.5.lnk
    [2012/07/19 20:47:06 | 000,001,436 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    [2012/07/15 21:03:25 | 005,072,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/11 16:17:41 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2012/07/11 16:17:40 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2012/07/11 16:17:40 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

    ========== Files Created - No Company Name ==========

    [2012/08/04 22:47:48 | 001,552,384 | ---- | C] () -- C:\Users\Craig Lick\Desktop\RogueKiller.exe
    [2012/08/04 17:17:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/04 17:17:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/04 17:17:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/04 17:17:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/04 17:17:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/04 15:39:56 | 519,018,446 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/08/04 10:16:26 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/29 15:40:55 | 000,600,239 | ---- | C] () -- C:\Users\Craig Lick\Desktop\Help.x_t
    [2012/07/24 20:01:23 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
    [2012/07/24 20:01:23 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
    [2012/07/24 18:58:00 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    [2012/07/24 18:58:00 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2012/07/22 22:11:25 | 001,835,008 | ---- | C] () -- C:\Users\Craig Lick\Documents\TrueCrypt Rescue Disk.iso
    [2012/07/21 10:58:57 | 000,001,830 | -H-- | C] () -- C:\Windows\EPMBatch.ept
    [2012/07/19 20:50:43 | 000,048,776 | ---- | C] () -- C:\Windows\SysNative\drivers\EUBKMON.sys
    [2012/07/19 20:50:42 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Todo Backup Free 4.5.lnk
    [2012/07/19 20:47:06 | 000,001,436 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    [2012/07/19 20:47:04 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
    [2012/07/19 20:47:04 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2012/07/19 20:47:04 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
    [2012/07/19 20:47:04 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2012/07/19 20:47:04 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
    [2012/07/19 20:47:04 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
    [2012/07/19 20:47:04 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
    [2012/07/19 20:47:03 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2012/07/19 20:47:03 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2012/07/19 20:47:03 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2012/05/28 19:23:19 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2012/03/29 18:36:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
    [2011/12/10 16:23:13 | 000,870,128 | ---- | C] () -- C:\Users\Craig Lick\AppData\Roaming\mcs.rma
    [2011/10/01 13:54:55 | 000,007,594 | ---- | C] () -- C:\Users\Craig Lick\AppData\Local\Resmon.ResmonCfg
    [2011/08/23 12:12:24 | 000,000,080 | ---- | C] () -- C:\Users\Craig Lick\CAMPUS.ppf
    [2011/08/22 16:39:09 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciinpa.dll
    [2011/08/22 16:39:09 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciiesc.dll
    [2011/08/22 16:39:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcicomx.dll
    [2011/08/22 16:39:09 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxciinst.dll
    [2011/08/22 16:39:08 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciserv.dll
    [2011/08/22 16:39:08 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciusb1.dll
    [2011/08/22 16:39:08 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihbn3.dll
    [2011/08/22 16:39:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomc.dll
    [2011/08/22 16:39:08 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipmui.dll
    [2011/08/22 16:39:08 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcilmpm.dll
    [2011/08/22 16:39:08 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicoms.exe
    [2011/08/22 16:39:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomm.dll
    [2011/08/22 16:39:08 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciih.exe
    [2011/08/22 16:39:08 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicfg.exe
    [2011/08/22 16:39:08 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcippls.exe
    [2011/08/22 16:39:08 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciprox.dll
    [2011/08/22 16:39:08 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipplc.dll
    [2011/08/05 18:52:12 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/07/14 21:13:03 | 000,002,140 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/07/14 21:13:03 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/05/11 19:38:12 | 000,940,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/18 12:16:16 | 000,221,593 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2010/12/18 12:16:15 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2010/11/28 19:24:33 | 000,000,254 | ---- | C] () -- C:\Windows\solvermfc.INI
    [2010/11/25 16:24:05 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2010/09/01 16:28:24 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
    [2010/09/01 14:06:11 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/09/01 14:06:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/09/01 14:00:24 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll

    ========== LOP Check ==========

    [2012/04/19 20:06:51 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\3Dconnexion
    [2011/01/08 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Acme Photo ScreenSaver Maker
    [2012/05/28 17:07:32 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\BitTorrent
    [2010/09/07 18:55:18 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Broadcom
    [2012/07/24 20:01:51 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Canneverbe Limited
    [2012/05/28 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\com.adobe.WidgetBrowser
    [2011/10/22 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\DassaultSystemes
    [2010/11/28 19:26:31 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\EDrawings
    [2010/09/07 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\GetRightToGo
    [2012/07/24 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\ImgBurn
    [2010/10/31 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Leadertech
    [2012/02/27 19:30:12 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\LimeWire
    [2010/11/25 19:24:24 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Luxology
    [2012/05/28 19:23:19 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\PACE Anti-Piracy
    [2012/03/22 21:39:02 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Peachtree
    [2012/05/28 19:24:21 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/07/23 12:41:07 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\TrueCrypt
    [2010/09/07 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Wave Systems Corp
    [2011/05/11 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\webex
    [2011/10/23 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\x-formation
    [2012/08/04 16:12:55 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:SelsBHa6ZApS7qDLZ
    @Alternate Data Stream - 1188 bytes -> C:\Program Files\Common Files\Microsoft Shared:CIkCIaU1DUKs6txKbReTFWe
    @Alternate Data Stream - 1101 bytes -> C:\ProgramData\Microsoft:4rNrgZNwpXNbX9cRvNfyCmv
    < End of report >
  18. clickbang

    OTL Extras logfile created on: 8/4/2012 11:56:06 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Craig Lick\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 83.23% Memory free
    11.99 Gb Paging File | 11.10 Gb Available in Paging File | 92.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.28 Gb Total Space | 80.28 Gb Free Space | 27.01% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive H: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
    Drive I: | 298.09 Gb Total Space | 196.96 Gb Free Space | 66.08% Space Free | Partition Type: NTFS

    Computer Name: WORKSTATION | User Name: Craig Lick | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07798E87-F35F-4230-BDB4-B0B213CB1496}" = lport=3351 | protocol=6 | dir=in | name=pervasive dbengine |
    "{079D1B16-A41C-4014-A744-8CA5F87B0C2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{188B3E5E-99DA-464C-B8AE-EFBC4898848D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{1BA5AD0F-C9B1-42B3-BBE3-1ADCC3557523}" = lport=139 | protocol=6 | dir=in | app=system |
    "{24EC4D3A-8BF4-4C7F-BD7C-5D66839F2FD7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{2D692C5B-6581-4623-8AFE-9D8208BE8343}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2DA9ED5F-6B53-40D5-BC40-6DE8D2820EF7}" = lport=137 | protocol=17 | dir=in | app=system |
    "{302E0A49-6308-4591-9317-E6067EFF811D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{34E0657D-6329-4897-A83A-3E6BBE8BD79B}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
    "{3C8C7609-64B5-4230-A712-88E90D2F7572}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4EFCE80B-D2A0-4B7E-B2FB-0F9FB0CC026D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5940A761-961A-46C3-85CB-15A9E372D18D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6040FAC1-8A8E-4D32-8446-06BD48735096}" = lport=1583 | protocol=6 | dir=in | name=pervasive dbengine |
    "{71AB82B7-546E-4CDA-B67B-4DB2EFBDE998}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8D103B1C-9F91-4397-9196-FD27C7762F59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{9FB5EA95-BD7A-4729-A6B2-B745BC6C7EB2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B309494E-44AD-41F5-B74D-87BB07627A43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CF1A079C-662B-4D37-B88B-BE7E4B5ACF04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D722D774-43AE-4B2F-88E8-778E547D035B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02F7D03C-1C56-4214-80B0-BE226963913A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{03F92E70-C297-40C0-A8F9-8FB0DC2603F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{06158825-A6CC-46E5-8DAE-ED7D12404A41}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{06FE2566-1609-4DEC-BD4D-25F472815E2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{077EE63E-EFEB-4A2B-9595-810CE1C1DA98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{07D21AAC-9C78-425B-AE09-A4A55C1A6874}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{094169C1-5D4A-4114-8364-28BE2B172DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
    "{0CB2F4E5-6C38-4C9F-A8F9-B7FC3FFCE265}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0E0D20B6-42AD-4EC6-B4FD-3F479F428408}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0EC8B5F6-B19F-4D91-AC66-919AADA110A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{10C75A64-417E-4FC9-B147-3901BCE528E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{139B9594-E826-474E-80F0-35DF5638B6A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1481CF6E-260A-48EF-BB2C-90D1EA745AC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{15C01D7C-3804-4119-BC69-776CA6969B20}" = protocol=17 | dir=in | app=h:\program files\limewire\limewire.exe |
    "{171A4968-1422-4B91-9391-4409FF01FFF0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{17CAEAA3-2818-4D85-B756-08F1FDEE916D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{17E54EEC-799A-495C-A372-8782ABC9E0A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1B4F0B41-AF2C-47B0-B866-5A2D62A3F24F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1C1644E8-06B4-47C2-A5C2-EB0AD0B57896}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1D1A7234-74FA-4327-A904-EDDC1FE66854}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{20710C3A-3006-4DCE-990A-31CC5900E5C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{21BD4AFF-61E0-4958-911D-24799FB0A18F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{21C3D636-14B4-4302-8793-8C1931F25B5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2212CE58-F5CF-4025-BBAD-1EFC7B5DBA3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{25411706-BC05-412E-A220-91905429F99C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2822F1A6-F0CB-4FB5-B767-6D410C3763EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{28FB8D29-ECD5-4EE1-BCDB-0FE773D00F24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{298030CB-ADF9-4825-BA00-EDACB134D3DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |
    "{2B9B6F7D-CB31-4FEE-BF3A-1AF558E67628}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
    "{2BD7D199-3D26-4645-A1DD-5C1139715FCC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{31E93987-1DA2-45AA-B3CF-210AB7CC1AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{35C376C8-8153-4AFB-8200-F5D8EEB5F15B}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
    "{35DD8253-FE58-4707-AE2F-CCD34ABFD0DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{377F13A0-35CA-48C5-9442-D3FD70B98241}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{37880761-9EF5-4077-95CF-332ED3B6758E}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
    "{3AE0B76C-19DF-4372-9FA8-15CD32F95062}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3DB0BC4F-79AC-40C1-B364-89D12794B5D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3FAA1537-F515-4CD4-9E16-EB84DBB5C9F4}" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
    "{436B770E-C365-4B5C-8483-4742300BF5F3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{454CB21D-BCAA-4AF0-9071-7682EC74A70E}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
    "{45D22C60-3571-4000-9058-C3968FA72BDA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{46E32E27-0267-49D0-8102-244F8661975C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{47EE950E-414F-41CA-85DF-B2BD3DD0D3E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4A963039-2A64-40F3-B954-991B6B767465}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4B70907C-C278-4E22-89CD-30AB7EBC5948}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
    "{4BBCA4C3-8B45-420E-9F1C-D45066FFACDF}" = protocol=17 | dir=in | app=c:\users\craig lick\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{4D6726A2-0145-4790-B76B-9C795824E195}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{524475C8-B818-495C-B051-E9880DE6C42B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell sas raid storage manager\megapopup\popup.exe |
    "{5457AF19-C48B-4E2C-AA41-F5448AD81426}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{553CDBE5-9821-46F1-9641-6C82098BC212}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5A993859-478F-478B-9E93-58A0AC522C66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5AD55549-6422-4423-8634-2F7188E2AFBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5D4A43DD-A4A0-4D8F-81A9-6E6D6DB501BE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{5E2F6891-019C-4791-B6DE-743A273766F2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5E913752-AF58-4BDB-BF28-D885EFE9CCA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6044DDED-79E2-44F0-A5D1-1897F9784BFE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
    "{6315B468-8BF0-4628-8C4E-385A2952093A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{656A2C99-01F0-48B0-9236-7E6A4393A8EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{659E65FA-8742-4579-8970-3F9A551C9F8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6A4D9386-5E8E-4416-8639-00AE8F8AB571}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |
    "{6ADC155D-E337-4F2C-8762-55E28DBF32D1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{6BC9BE60-1F4C-476E-A38D-D0AD56A5D770}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6F9EE3CA-6CB2-4EAE-823D-C89CCBEDC520}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7B2F4878-7F19-43F4-A191-27CB450000BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7E265353-6A91-4328-854D-3EBDCACA0F3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7E865BF2-8EE7-474A-ADE3-1ABC54EA8C78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7EB45ABF-7B80-4135-9DC7-B2E2CD32F670}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7F1A2584-3D13-4880-ABD5-06E25BEF05EB}" = protocol=6 | dir=in | app=c:\windows\system32\lxcicoms.exe |
    "{81F7626E-12BF-416C-8436-0AF4789CBC59}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{824C0461-A822-4B12-83F5-38BBBB990B7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8407F87C-F934-4898-8C0F-9FD4C0CE1B8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{85307EC4-6FFC-4097-A877-021EDAACE250}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{85C4F884-AEBF-489F-8F69-36F3CBC4BA53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{87B20487-DBDC-430D-96A4-AC85FD0DF1D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8833B969-4907-4B89-8DA1-70D2DB7F8619}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
    "{89600C45-564B-4494-81AD-8451AA8B4A02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8D202777-B90A-4761-A2A3-DBF0ACA851CD}" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
    "{8D779E6B-293E-4C92-A076-EF9339FFE84D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{90302C8D-C3D8-4E18-B8D6-8214D80794B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{92FD9971-6461-4ED9-8AE3-8728A6E8D28F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{94300FF1-4562-49B1-AB36-FD13A0461CEF}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
    "{9ACBCDE2-30B7-4DB2-9415-33185C5036FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9C2A6F68-BC3E-40A0-BA13-010FCD774E9B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell sas raid storage manager\megapopup\popup.exe |
    "{9E7E85FD-0AD8-414A-A923-F5D0F9031DCD}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{9EA53897-F6EB-426B-9440-82E5AB824CAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9F4B006E-0A88-42BD-AB9D-BC24C1730617}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A2F4AB30-DDB4-43F7-8649-2275A910A131}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A4029B03-1F26-4427-892F-71958C597907}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{A75E9CD2-275B-4BDD-A324-45D611B18654}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A8338504-6E0E-46CA-AF3E-CBA29E80A118}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
    "{A8A965AB-475C-4127-B55F-5C045AB6F5A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A94556EF-D515-46FF-9945-6A9B6EAA109F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A9B010ED-C3E0-4888-87D4-4B494E8C29E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AAF84E01-F770-4CE9-9418-2C6FBC4156F8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |
    "{AC5EAD7B-C87A-4EB5-BB87-BE63F1F3F11D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{ACDF2A45-B84E-421A-B07D-21DF50116253}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AEAE36BE-296E-420E-AD31-AF1595AA4D7A}" = protocol=6 | dir=in | app=c:\users\craig lick\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{AF11A836-B8EB-4B8A-B7CD-9755475084B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B1892262-8F20-42D2-9F35-20507BA07353}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B381B729-AFBF-444E-9D41-B5555B45461E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BEC2E273-F228-4AD5-AB96-64B5C0010513}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BF309A27-0996-45FC-91DF-C7207EF63A5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BFE31337-AD4E-46EB-9FA2-8347C992FF4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C05EF604-5D44-4596-805A-37C539907E02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C1B5DFA0-D776-45C7-A520-DCD290CDE55E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C2B05D75-09BC-448D-8877-2DBBBD9C019F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C33D1CBF-301A-42B0-AED2-0EF2C9EBF56D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C39E4CE6-F428-4FA5-A057-8623282AC69B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D06F1647-9CF8-4308-BEBE-7AAEE8D83A23}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
    "{D17642BA-3581-4F09-9627-D0EE27C4EF65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D3473619-CE49-4CD5-94E3-CB6ACD7633E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D556A57D-A787-4107-9AC0-109B35C02CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{D625FBE6-97F7-429C-99B8-C9AD57D52225}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
    "{D7BCA529-99F5-409E-94E1-2F1F5651495A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D821A870-7229-445E-8900-968FCEDEB79E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |
    "{D860A3DA-EF78-4326-BDDF-2A39BBEEDA56}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DA50CA6E-E056-496B-B024-B424775D792A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DCD73E13-820F-4E67-97BA-CEF326E1E5DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DE0A2984-B98B-48C3-B3C4-73DBBB224A6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DEAAA8CA-00A6-4FCB-910F-90C9C77D63DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E102B093-7D8D-4500-B24B-A54E11CFF5AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E10CB571-75C4-4E99-AEC4-EC7EC1296D5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E1450F8D-4D8B-4E2C-95BA-49A7DE464802}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{E2F16C05-E2C1-4218-8904-0662A36D2C16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E31A34E9-B66A-40DD-80D7-D6C90EB18FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{E3C29352-B7D6-4B1C-B954-C1756CA2DDEA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E40F6F27-C66A-45F7-A9AB-BFCC06276785}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E47557BB-B35B-46F2-800F-40392AD61B1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E5A6A09F-8365-4840-9099-50F1DC04E82F}" = protocol=6 | dir=in | app=h:\program files\limewire\limewire.exe |
    "{E63E4FA3-F5A7-4A78-AEBB-F822A94228DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E7EB41D8-4A4F-45DA-B731-A1A52060611D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EBB97847-62C2-4B8D-94C7-8DD44DA754A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{ED75449E-C87A-401B-8A32-188859E71AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F245849C-F1C0-4ADB-B9AB-19A7DD1F3C8C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F45B97A4-1891-4D2C-B49F-6069526B5AE1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F5D4F875-09FA-4D03-8896-FB8B509C55B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F77D6FAC-C539-49FF-87B8-A145E5D90F0B}" = protocol=17 | dir=in | app=c:\windows\system32\lxcicoms.exe |
    "{F8A7E00A-0265-4E97-B0D2-DA16CD35671F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F8C50D41-C938-488C-99F4-E49EAECFB632}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F9CE6CB1-DBBF-4F23-B716-BCC2CC5CE00D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FD78D901-CE2F-4111-93C0-6F48846CED37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FF88966A-5C44-4981-B2E0-72C6FA34C646}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{16B20C05-F44F-490A-89A7-4A7EB090D82B}C:\program files (x86)\dell sas raid storage manager\megapopup\popup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell sas raid storage manager\megapopup\popup.exe |
    "TCP Query User{3A8AC6C9-954C-45E4-8554-B7583B50F564}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{644F4CCD-1170-4E3F-B42B-1CA5079DAFDF}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
    "TCP Query User{7012EAE5-1CD0-4374-8E59-7C6551BB95F0}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{E0FAD7B1-D95D-4B9D-866E-D635BF2EEDDA}C:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "TCP Query User{F9E0D474-5095-40EE-89F4-4EE5968B1261}C:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=6 | dir=in | app=c:\program files\siemens\nx 8.0\ugii\ugraf.exe |
    "UDP Query User{24DDECE9-496F-45DA-9EDF-5D4EFD8A775D}C:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=17 | dir=in | app=c:\program files\siemens\nx 8.0\ugii\ugraf.exe |
    "UDP Query User{47140782-3EAE-436F-A637-7255DB6D4EEA}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "UDP Query User{9814BC74-48A4-41E0-B0A6-AC9854836654}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
    "UDP Query User{A7E9AE09-DC06-4D5A-8A19-D982629BB38C}C:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "UDP Query User{D24894D2-CDF3-4C6E-B48E-627E7B6DE8B7}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "UDP Query User{F8221408-B47F-4505-A71B-7FDB8332150E}C:\program files (x86)\dell sas raid storage manager\megapopup\popup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell sas raid storage manager\megapopup\popup.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{0CA30245-F843-407F-8FA6-52880DF8E67C}" = 3Dconnexion Plug-In for NX v3.0 - v8.0
    "{0D872C37-F656-427F-9571-A09B9AF8E126}" = 3Dconnexion Plug-In for 3ds Max v9 - 2013
    "{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2001197F-7545-41F7-9078-E8D23B3BBEAF}" = 3Dconnexion Plug-In for Photoshop CS3 - CS5
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{33A316AE-6EB6-4A3F-AA09-E12A57BA475D}" = Dell ControlPoint System Manager
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{43E2B6FC-BCF0-42AC-8C8B-BB2EF32E50E8}" = Siemens NX 8.0 Documentation
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
    "{51676C0E-2D18-49F3-A1BE-005DE2654168}" = Siemens NX 8.0
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{67154CF5-2C33-41C2-A9F2-A4FBC29482AD}" = Wave Infrastructure Installer
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E4E0AAC-0A90-421A-B10B-43C2B51D939F}" = 3Dconnexion 3DxWare (x64)
    "{794A9BD9-4F2B-40D2-9DAD-3F3EAE4901F1}" = 3Dconnexion Add-In for Solid Edge V18 - ST4
    "{7B7D73E7-79D5-4133-AB7A-E27BB5F64725}" = Dell Control Point 64
    "{7D381A8A-F3FF-4720-B39D-42B6B9DF9F3E}" = 3Dconnexion Plug-In for Maya v8.5 - 2013
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64
  19. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    9.0.30729.17
    "{82B2394D-F5CC-42F0-8DC1-48B3CAA382CC}" = Dassault Systemes Software Prerequisites x86-x64
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{917B8F5B-B527-4061-A9D0-EA80C7D72C76}" = 3Dconnexion Add-In for SolidWorks 2005 - 2012 (x64)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{B1BD6E2C-9CF1-4710-A0A9-16C8BFE19058}" = 3Dconnexion LCD Applets for SpacePilot PRO (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.89
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.89
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.89
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
    "{B40566D7-9383-4C54-ABC5-8B062834FB90}" = 3Dconnexion Add-In for Inventor 11 - 2013
    "{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
    "{BC38CBF6-030B-4E45-956C-4AF4512D54F3}" = 3Dconnexion Add-On for XSI v5.0 - 2013
    "{C3FB95A9-7A13-431E-B6E5-0E1E43DB8176}" = 3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 1.0
    "{C4CBE331-9BFC-456B-A4D8-4E43E5EA3788}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{F469B548-030B-41CD-BD46-D37A7EC9A530}" = Logitech LCD Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "Altair HyperWorks 11.0.0.39 (Local 64-bit)" = Altair HyperWorks 11.0.0.39 (Local 64-bit)
    "CCleaner" = CCleaner
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Lexmark 7300 Series" = Lexmark 7300 Series
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Shop for HP Supplies" = Shop for HP Supplies
    "sp6" = Logitech SetPoint 6.32

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Workgroup (32-bit)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0DF90E6F-09C8-4BC1-A479-22C68B016AE7}" = 3Dconnexion Plug-in for Acrobat 3D
    "{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15041B8B-AC63-41DF-91D2-2118CE39E8D9}" = SolidWorks Flow Simulation 2010 SP0
    "{1552CEFA-66CC-4E9C-BCA3-1AA18499CF61}" = CodeSaver
    "{1553E6CA-E99D-4885-A8BE-EF67342B859F}" = COSMOSM 2010 (2009/280)
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
    "{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4B407A54-6CF2-42B5-B419-E900B2E36972}" = 1500
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Accounting 2010
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AAB8068-BEB6-4CB6-958E-717EA6402467}" = 3Dconnexion Trainer
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D236956-B79D-4748-BEA3-A039334A66AB}" = 3Dconnexion Collage
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
    "{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
    "{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0017-0C0A-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Spanish) 2010
    "{90140000-0017-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{F26F86C8-AC71-413C-B432-CD0007FD9C33}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
    "{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
    "{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
    "{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
    "{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
    "{90140000-001F-0403-0000-0000000FF1CE}_Office14.OMUI.es-es_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.es-es_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.es-es_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
    "{90140000-001F-0416-0000-0000000FF1CE}_Office14.OMUI.es-es_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
    "{90140000-001F-042D-0000-0000000FF1CE}_Office14.OMUI.es-es_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
    "{90140000-001F-0456-0000-0000000FF1CE}_Office14.OMUI.es-es_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.OMUI.es-es_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
    "{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
    "{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
    "{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
    "{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
    "{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0100-0C0A-0000-0000000FF1CE}" = Microsoft Office O MUI (Spanish) 2010
    "{90140000-0100-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{59DDF6A6-FD7E-4A78-968A-0FDBACB8B91C}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0101-0C0A-0000-0000000FF1CE}" = Microsoft Office X MUI (Spanish) 2010
    "{90140000-0101-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{4EB53E7C-9760-4670-AEF4-797A479CC67B}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
    "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B40EED7A-63D4-4ED2-910D-9A64FF94DF22}" = UGSLicensing
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin
    "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (SpacePilot PRO x64 Edition)
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF6D7B73-BAB6-44F8-A0CD-E01851D3B3CF}" = Dell SAS RAID Storage Manager
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
    "{F2057D50-4306-4156-A002-0C3B306E3CA3}" = 3Dconnexion Extension for SketchUp
    "{F224D7E4-E064-44C4-9927-B7690973A8DC}" = VideoSaver
    "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "3DMIDI" = Creative 3DMIDI Player
    "Acme Photo ScreenSaver Maker V3.22_is1" = Acme Photo ScreenSaver Maker v3.22
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "ALchemy" = Creative ALchemy
    "AudioCS" = Creative Audio Control Panel
    "BitTorrent" = BitTorrent
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.adobe.WidgetBrowser" = Adobe Widget Browser
    "Console Launcher" = Creative Console Launcher
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Diagnostics 4_5" = Creative Diagnostics
    "DjVu" = LizardTech DjVu Control (autoinstall)
    "Dolby Digital Live Pack" = Dolby Digital Live Pack
    "DTS Connect Pack" = DTS Connect Pack
    "EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition
    "EaseUS Todo Backup Free 4.5_is1" = EaseUS Todo Backup Free 4.5
    "ImgBurn" = ImgBurn
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
    "InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Quantum 2010 - Accountants' Edition
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{BF6D7B73-BAB6-44F8-A0CD-E01851D3B3CF}" = Dell SAS RAID Storage Manager v2.66-00
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "Integration Services" = Sage Integration Services
    "jZip" = jZip
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.OMUI.es-es" = Microsoft Office Language Pack 2010 - Spanish/Español
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "OpenAL" = OpenAL
    "Pervasive PSQL v10.10 Workgroup (32-bit)" = Pervasive PSQL v10.10 Workgroup (32-bit)
    "PRJPRO" = Microsoft Office Project Professional 2007
    "RealPlayer 15.0" = RealPlayer
    "Rhapsody" = Rhapsody
    "Searchqu 102 MediaBar" = Windows Searchqu Toolbar
    "SFBM" = SoundFont Bank Manager
    "SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
    "SystemRequirementsLab" = System Requirements Lab
    "TrueCrypt" = TrueCrypt
    "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
    "VirtualCloneDrive" = VirtualCloneDrive
    "WaveStudio 7" = Creative WaveStudio 7
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.11 (32-bit)
    "Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/15/2012 4:15:08 AM | Computer Name = Workstation | Source = Windows Backup | ID = 4104
    Description =

    Error - 4/15/2012 2:36:29 PM | Computer Name = Workstation | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 4/16/2012 4:15:09 AM | Computer Name = Workstation | Source = Windows Backup | ID = 4104
    Description =

    Error - 4/16/2012 9:20:15 AM | Computer Name = Workstation | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 4/17/2012 4:07:55 AM | Computer Name = Workstation | Source = Windows Backup | ID = 4104
    Description =

    Error - 4/17/2012 4:26:25 AM | Computer Name = Workstation | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 4/18/2012 4:10:10 AM | Computer Name = Workstation | Source = Windows Backup | ID = 4104
    Description =

    Error - 4/18/2012 6:52:00 PM | Computer Name = Workstation | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 4/19/2012 4:07:08 AM | Computer Name = Workstation | Source = Windows Backup | ID = 4104
    Description =

    Error - 4/19/2012 1:21:30 PM | Computer Name = Workstation | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    [ Media Center Events ]
    Error - 5/5/2011 7:02:14 AM | Computer Name = Workstation | Source = MCUpdate | ID = 0
    Description = 7:02:14 AM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    [ System Events ]
    Error - 10/1/2011 1:14:02 PM | Computer Name = Workstation | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 10/1/2011 1:14:14 PM | Computer Name = Workstation | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {C8B0AB6B-1BC2-4A92-95D6-BAC7A36A1A60}
    with the Router Manager for the IPV6 protocol. The following error occurred: Cannot
    complete this function.

    Error - 10/1/2011 2:01:54 PM | Computer Name = Workstation | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 10/1/2011 2:02:09 PM | Computer Name = Workstation | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {C8B0AB6B-1BC2-4A92-95D6-BAC7A36A1A60}
    with the Router Manager for the IPV6 protocol. The following error occurred: Cannot
    complete this function.

    Error - 10/1/2011 2:47:05 PM | Computer Name = Workstation | Source = DCOM | ID = 10010
    Description =

    Error - 10/1/2011 2:55:22 PM | Computer Name = Workstation | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 10/1/2011 2:56:30 PM | Computer Name = Workstation | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {C8B0AB6B-1BC2-4A92-95D6-BAC7A36A1A60}
    with the Router Manager for the IPV6 protocol. The following error occurred: Cannot
    complete this function.

    Error - 10/3/2011 6:06:56 AM | Computer Name = Workstation | Source = volsnap | ID = 393241
    Description = The shadow copies of volume E: were deleted because the shadow copy
    storage could not grow in time. Consider reducing the IO load on the system or
    choose a shadow copy storage volume that is not being shadow copied.

    Error - 10/13/2011 3:27:29 AM | Computer Name = Workstation | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 10/13/2011 3:27:53 AM | Computer Name = Workstation | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {C8B0AB6B-1BC2-4A92-95D6-BAC7A36A1A60}
    with the Router Manager for the IPV6 protocol. The following error occurred: Cannot
    complete this function.


    < End of report >
  20. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    I need that scan from NORMAL mode.
    Re-run OTL. Only one log will be produced.
  21. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    OTL logfile created on: 8/5/2012 12:16:29 AM - Run 2
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Craig Lick\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 3.56 Gb Available Physical Memory | 59.40% Memory free
    11.99 Gb Paging File | 9.20 Gb Available in Paging File | 76.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.28 Gb Total Space | 80.28 Gb Free Space | 27.00% Space Free | Partition Type: NTFS
    Drive D: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive H: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
    Drive I: | 298.09 Gb Total Space | 196.96 Gb Free Space | 66.08% Space Free | Partition Type: NTFS

    Computer Name: WORKSTATION | User Name: Craig Lick | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/04 23:53:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig Lick\Desktop\OTL.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/06/21 16:24:27 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    PRC - [2012/05/03 17:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
    PRC - [2012/05/03 17:52:10 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    PRC - [2012/05/03 17:52:08 | 000,750,728 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
    PRC - [2012/05/03 17:52:08 | 000,071,816 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
    PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/02/07 23:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
    PRC - [2012/02/07 23:13:50 | 000,024,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
    PRC - [2011/11/20 11:55:58 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
    PRC - [2011/10/22 21:24:40 | 000,680,960 | ---- | M] () -- C:\Program Files (x86)\UGS\UGSLicensing\ugslmd.exe
    PRC - [2011/08/05 18:51:58 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/03/30 17:12:10 | 000,856,064 | ---- | M] (3Dconnexion) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD40Task.exe
    PRC - [2011/03/30 17:09:56 | 000,876,544 | ---- | M] (3Dconnexion) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD20Mail.exe
    PRC - [2011/03/30 17:09:24 | 000,864,256 | ---- | M] (3Dconnexion) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD30Calendar.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
    PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
    PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
    PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    PRC - [2009/09/11 20:46:46 | 000,144,680 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
    PRC - [2009/07/07 01:16:28 | 001,510,152 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe
    PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    PRC - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    PRC - [2008/11/06 14:26:08 | 000,089,928 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
    PRC - [2008/11/06 14:26:08 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 9\TscHelp.exe
    PRC - [2008/11/06 14:26:04 | 008,801,608 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 9\SnagitEditor.exe
    PRC - [2008/11/06 14:26:02 | 007,217,480 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
    PRC - [2008/07/14 11:28:26 | 000,446,464 | ---- | M] () -- c:\Program Files (x86)\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
    PRC - [2008/05/26 17:33:54 | 000,056,952 | R--- | M] () -- c:\Program Files (x86)\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
    PRC - [2008/05/20 15:42:12 | 000,135,168 | R--- | M] (Sun Microsystems, Inc.) -- c:\Program Files (x86)\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
    PRC - [2007/12/18 18:17:06 | 000,081,096 | ---- | M] (LSI Logic) -- C:\Program Files (x86)\Dell SAS RAID Storage Manager\MegaPopup\popup.exe
    PRC - [2007/05/11 10:01:40 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe
    PRC - [2007/05/11 09:59:20 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe
    PRC - [2006/11/17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/03 17:51:06 | 000,051,848 | ---- | M] () -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    MOD - [2010/07/07 12:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
    MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
    MOD - [2010/05/07 18:37:50 | 000,290,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
    MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2009/06/29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
    MOD - [2008/11/06 14:26:00 | 004,715,848 | R--- | M] () -- C:\Program Files (x86)\TechSmith\Snagit 9\PDFNetC.dll
    MOD - [2008/07/14 21:52:14 | 000,090,112 | ---- | M] () -- C:\Windows\SysWOW64\AlertStrings.dll
    MOD - [2008/06/10 15:38:26 | 000,880,640 | ---- | M] () -- C:\Windows\SysWOW64\libeay32.dll
    MOD - [2008/06/10 15:38:26 | 000,159,744 | ---- | M] () -- C:\Windows\SysWOW64\ssleay32.dll
    MOD - [2005/06/14 17:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7300 Series\iptk.dll
    MOD - [2005/04/28 09:34:20 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7300 Series\lxcidrec.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2010/11/25 13:20:40 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2010/03/29 14:00:58 | 002,363,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2010/02/08 17:26:50 | 000,515,952 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV:64bit: - [2010/02/03 18:53:54 | 001,558,016 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2009/10/27 09:49:32 | 006,807,656 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/02/01 22:14:04 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcicoms.exe -- (lxci_device)
    SRV - [2012/08/03 01:55:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/11 16:18:01 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2012/07/11 16:17:40 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/26 07:51:34 | 000,918,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
    SRV - [2012/05/07 03:17:58 | 001,853,072 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe -- (ntrtscan)
    SRV - [2012/05/03 17:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
    SRV - [2012/05/03 17:52:10 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
    SRV - [2012/02/07 23:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
    SRV - [2011/12/08 20:29:58 | 002,064,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
    SRV - [2011/11/13 09:22:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
    SRV - [2011/11/13 09:17:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2011/08/05 18:51:58 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/11/25 22:19:15 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2010/11/25 16:17:34 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/09/01 14:05:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/07/21 15:48:20 | 000,596,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe -- (TmPfw)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009/10/15 07:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV - [2009/09/11 20:46:46 | 000,144,680 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
    SRV - [2009/07/07 01:16:28 | 001,510,152 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe -- (UGS License Server (ugslmd)
    SRV - [2009/07/06 15:16:50 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
    SRV - [2009/04/06 19:23:52 | 000,038,400 | R--- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sage Software\Peachtree\SmartPostingService2010.exe -- (Peachtree SmartPosting 2010)
    SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2008/07/14 11:28:26 | 000,446,464 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe -- (MegaMonitorSrv)
    SRV - [2008/05/26 17:33:54 | 000,056,952 | R--- | M] () [Auto | Running] -- c:\Program Files (x86)\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe -- (MSMFramework)
    SRV - [2007/02/01 22:13:46 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcicoms.exe -- (lxci_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/11 16:17:41 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/05/03 17:52:02 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
    DRV:64bit: - [2012/05/03 17:52:00 | 000,048,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
    DRV:64bit: - [2012/05/03 17:51:54 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
    DRV:64bit: - [2012/05/03 17:51:52 | 000,058,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/20 11:55:58 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2011/03/28 11:16:08 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/08 20:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
    DRV:64bit: - [2010/11/08 20:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
    DRV:64bit: - [2010/07/27 08:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2010/07/27 08:12:50 | 000,068,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvsels64.sys -- (lvsels64)
    DRV:64bit: - [2010/07/27 08:12:16 | 000,339,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
    DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2010/02/10 13:37:06 | 000,103,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
    DRV:64bit: - [2010/02/09 09:06:54 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2010/01/27 12:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2010/01/27 12:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
    DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2008/06/04 15:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2011/07/12 11:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
    DRV - [2011/07/12 11:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
    DRV - [2011/07/12 11:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
    DRV - [2010/01/27 12:22:02 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7DB024C7-5057-43C7-B34D-9F8349154933}
    IE:64bit: - HKLM\..\SearchScopes\{7DB024C7-5057-43C7-B34D-9F8349154933}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0D3BB31C-CEB2-487B-89B0-3E86731AE43F}
    IE - HKLM\..\SearchScopes\{0D3BB31C-CEB2-487B-89B0-3E86731AE43F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\SearchScopes,DefaultScope = {B67C90FE-6551-4749-A3A5-002258A1FADD}
    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\SearchScopes\{B67C90FE-6551-4749-A3A5-002258A1FADD}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Craig Lick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Craig Lick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Craig Lick\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Craig Lick\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/18 12:28:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi [2012/03/22 20:39:41 | 000,102,423 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/07/22 11:14:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/21 16:25:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\FirefoxExtension [2012/07/09 00:42:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/18 12:28:04 | 000,000,000 | ---D | M]
  22. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Craig Lick\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Craig Lick\AppData\Local\Google\Chrome\Application\21.0.1180.60\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Craig Lick\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Craig Lick\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AT_Porsche = C:\Users\Craig Lick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Craig Lick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: FBPHOTOZOOM = C:\Users\Craig Lick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.0_0\
    CHR - Extension: FBPHOTOZOOM = C:\Users\Craig Lick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0\

    O1 HOSTS File: ([2012/08/04 17:47:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg32.dll (Trend Micro Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4:64bit: - HKLM..\Run: [LXCICATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCItime.DLL (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [lxcimon.exe] C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found
    O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
    O4 - HKLM..\Run: [Popup] c:\Program Files (x86)\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe (LSI Logic)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class)
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.3.cab (AlternaTIFF ActiveX)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://notes.paulstra.com/dwa7W.cab (Domino Web Access 7 Control)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab (DacomDownload Control)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B0AB6B-1BC2-4A92-95D6-BAC7A36A1A60}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg32.dll (Trend Micro Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/04 23:53:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Craig Lick\Desktop\OTL.exe
    [2012/08/04 23:06:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Craig Lick\Desktop\aswMBR.exe
    [2012/08/04 22:47:53 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\Desktop\RK_Quarantine
    [2012/08/04 17:48:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/04 17:17:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/04 17:17:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/04 17:17:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/04 17:17:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/04 17:17:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/04 17:16:34 | 004,724,408 | R--- | C] (Swearware) -- C:\Users\Craig Lick\Desktop\ComboFix.exe
    [2012/08/04 17:14:09 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{1492EEF5-F8B4-421A-B4E3-3E0E89096A2C}
    [2012/08/04 17:13:42 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{915EE8F1-DB9F-496C-B02C-A8C9B22666D3}
    [2012/08/04 17:06:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/04 17:04:54 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Craig Lick\Desktop\tdsskiller.exe
    [2012/08/04 15:40:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/08/04 10:16:36 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Roaming\Malwarebytes
    [2012/08/04 10:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/04 10:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/04 10:16:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/04 10:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/02 09:24:37 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Roaming\Mozilla
    [2012/07/29 20:03:40 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{F9E4C32F-6900-43E6-A651-9D764A5F79FD}
    [2012/07/29 20:02:13 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{F7E10762-774F-412C-9F08-33BA31AD8084}
    [2012/07/27 17:45:05 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{80DE7D8C-E9A8-4041-8927-BA701821513C}
    [2012/07/26 20:41:36 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{6089B0E6-891E-4227-B8EC-0767D699ED0E}
    [2012/07/26 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{B17127F8-04E5-4FEE-B75F-DB65F27F5B52}
    [2012/07/24 20:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
    [2012/07/24 20:01:51 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Roaming\Canneverbe Limited
    [2012/07/24 20:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
    [2012/07/24 18:59:18 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Roaming\ImgBurn
    [2012/07/24 18:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2012/07/24 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2012/07/23 21:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012/07/23 21:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2012/07/23 11:40:49 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{2C8E507A-60B7-42AF-8040-42EA83A5F6C5}
    [2012/07/23 11:40:36 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{C2C0DB12-2F1D-44A1-9ADF-95F863430BAE}
    [2012/07/22 23:39:27 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{B72978D7-103E-44C0-8F93-69A2827A9C13}
    [2012/07/22 23:39:12 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{86775580-1019-4164-8BF6-AA24A113BE6E}
    [2012/07/22 11:35:57 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{A5632192-C498-4CDA-960C-09F48CEE6ED8}
    [2012/07/22 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{5501BD3A-6BE1-491E-B6F8-484DC8D13DBF}
    [2012/07/22 11:22:19 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/07/22 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2012/07/22 10:30:11 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{4320ECC2-B703-47C3-869C-EB4CC8639EDA}
    [2012/07/22 10:29:54 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{C93DA15F-69C5-4C30-9094-0EBCEAA15BF7}
    [2012/07/21 23:24:07 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{782ED842-4BF1-4ED8-ABF9-FC03D8D6EF1F}
    [2012/07/21 23:23:00 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{1EA39352-69E4-43CF-A8F8-9B3E446B2272}
    [2012/07/21 18:36:24 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{F39850E5-8E61-4DB4-93B4-B19436B140F6}
    [2012/07/21 18:34:39 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{54FA2494-B674-4423-9F29-A48C3A2419AB}
    [2012/07/21 17:49:58 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{EF7A2456-9118-42BE-8514-BD0766BE4ED7}
    [2012/07/21 17:48:14 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{52D4F05B-F3D3-46F9-A79B-858A13B0058C}
    [2012/07/19 20:50:46 | 000,189,576 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\EuFdDisk.sys
    [2012/07/19 20:50:46 | 000,019,592 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eudskacs.sys
    [2012/07/19 20:50:44 | 000,058,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eubakup.sys
    [2012/07/19 20:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 4.5
    [2012/07/19 20:50:07 | 000,025,224 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\fbnative.exe
    [2012/07/19 20:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.1.1 Home Edition
    [2012/07/19 20:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
    [2012/07/19 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{D3199503-EDF2-4EE2-A852-14B7BC94FD9A}
    [2012/07/19 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{6B6497B6-654D-43CD-B52A-03FD297621EE}
    [2012/07/19 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{360C49E0-40F3-46DD-921C-E9DB7FD6F79E}
    [2012/07/15 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{B2017FDA-46B0-4C6E-85DC-817733D01F72}
    [2012/07/15 21:07:26 | 000,000,000 | ---D | C] -- C:\Users\Craig Lick\AppData\Local\{9C415194-6ABB-4A75-A485-AFAD813CFBCF}
    [2012/07/15 21:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent

    ========== Files - Modified Within 30 Days ==========

    [2012/08/05 00:24:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3786357333-3721308993-2941691671-1000UA.job
    [2012/08/05 00:21:35 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/05 00:21:35 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/05 00:17:09 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
    [2012/08/05 00:12:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/05 00:11:58 | 534,966,271 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/04 23:53:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig Lick\Desktop\OTL.exe
    [2012/08/04 23:39:10 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000024-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/08/04 23:39:10 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000024-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/08/04 23:39:10 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000024-00000000-00000000-00001102-0000000B-00441102}.rfx
    [2012/08/04 23:07:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Craig Lick\Desktop\aswMBR.exe
    [2012/08/04 22:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/04 22:47:53 | 001,552,384 | ---- | M] () -- C:\Users\Craig Lick\Desktop\RogueKiller.exe
    [2012/08/04 17:47:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/04 17:16:51 | 004,724,408 | R--- | M] (Swearware) -- C:\Users\Craig Lick\Desktop\ComboFix.exe
    [2012/08/04 17:04:54 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Craig Lick\Desktop\tdsskiller.exe
    [2012/08/04 16:38:38 | 519,018,446 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/04 13:24:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3786357333-3721308993-2941691671-1000Core.job
    [2012/08/04 10:16:26 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/29 20:05:08 | 000,870,128 | ---- | M] () -- C:\Users\Craig Lick\AppData\Roaming\mcs.rma
    [2012/07/29 15:40:55 | 000,600,239 | ---- | M] () -- C:\Users\Craig Lick\Desktop\Help.x_t
    [2012/07/29 00:48:16 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
    [2012/07/29 00:48:16 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/26 20:50:17 | 000,001,830 | -H-- | M] () -- C:\Windows\EPMBatch.ept
    [2012/07/24 20:01:23 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
    [2012/07/24 18:58:00 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2012/07/23 07:04:40 | 000,986,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/23 07:04:40 | 000,816,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/23 07:04:40 | 000,168,488 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/22 22:11:25 | 001,835,008 | ---- | M] () -- C:\Users\Craig Lick\Documents\TrueCrypt Rescue Disk.iso
    [2012/07/22 11:14:49 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/07/19 20:50:42 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Todo Backup Free 4.5.lnk
    [2012/07/19 20:47:06 | 000,001,436 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    [2012/07/15 21:03:25 | 005,072,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/11 16:17:41 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2012/07/11 16:17:40 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2012/07/11 16:17:40 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

    ========== Files Created - No Company Name ==========

    [2012/08/04 22:47:48 | 001,552,384 | ---- | C] () -- C:\Users\Craig Lick\Desktop\RogueKiller.exe
    [2012/08/04 17:17:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/04 17:17:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/04 17:17:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/04 17:17:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/04 17:17:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/04 15:39:56 | 519,018,446 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/08/04 10:16:26 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/29 15:40:55 | 000,600,239 | ---- | C] () -- C:\Users\Craig Lick\Desktop\Help.x_t
    [2012/07/24 20:01:23 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
    [2012/07/24 20:01:23 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
    [2012/07/24 18:58:00 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    [2012/07/24 18:58:00 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2012/07/22 22:11:25 | 001,835,008 | ---- | C] () -- C:\Users\Craig Lick\Documents\TrueCrypt Rescue Disk.iso
    [2012/07/21 10:58:57 | 000,001,830 | -H-- | C] () -- C:\Windows\EPMBatch.ept
    [2012/07/19 20:50:43 | 000,048,776 | ---- | C] () -- C:\Windows\SysNative\drivers\EUBKMON.sys
    [2012/07/19 20:50:42 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Todo Backup Free 4.5.lnk
    [2012/07/19 20:47:06 | 000,001,436 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    [2012/07/19 20:47:04 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
    [2012/07/19 20:47:04 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2012/07/19 20:47:04 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
    [2012/07/19 20:47:04 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2012/07/19 20:47:04 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
    [2012/07/19 20:47:04 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
    [2012/07/19 20:47:04 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
    [2012/07/19 20:47:03 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2012/07/19 20:47:03 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2012/07/19 20:47:03 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2012/05/28 19:23:19 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2012/03/29 18:36:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
    [2011/12/10 16:23:13 | 000,870,128 | ---- | C] () -- C:\Users\Craig Lick\AppData\Roaming\mcs.rma
    [2011/10/01 13:54:55 | 000,007,594 | ---- | C] () -- C:\Users\Craig Lick\AppData\Local\Resmon.ResmonCfg
    [2011/08/23 12:12:24 | 000,000,080 | ---- | C] () -- C:\Users\Craig Lick\CAMPUS.ppf
    [2011/08/22 16:39:09 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciinpa.dll
    [2011/08/22 16:39:09 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciiesc.dll
    [2011/08/22 16:39:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcicomx.dll
    [2011/08/22 16:39:09 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxciinst.dll
    [2011/08/22 16:39:08 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciserv.dll
    [2011/08/22 16:39:08 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciusb1.dll
    [2011/08/22 16:39:08 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihbn3.dll
    [2011/08/22 16:39:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomc.dll
    [2011/08/22 16:39:08 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipmui.dll
    [2011/08/22 16:39:08 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcilmpm.dll
    [2011/08/22 16:39:08 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicoms.exe
    [2011/08/22 16:39:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomm.dll
    [2011/08/22 16:39:08 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciih.exe
    [2011/08/22 16:39:08 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicfg.exe
    [2011/08/22 16:39:08 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcippls.exe
    [2011/08/22 16:39:08 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciprox.dll
    [2011/08/22 16:39:08 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipplc.dll
    [2011/08/05 18:52:12 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/07/14 21:13:03 | 000,002,140 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/07/14 21:13:03 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/05/11 19:38:12 | 000,940,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/18 12:16:16 | 000,221,593 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2010/12/18 12:16:15 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2010/11/28 19:24:33 | 000,000,254 | ---- | C] () -- C:\Windows\solvermfc.INI
    [2010/11/25 16:24:05 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2010/09/01 16:28:24 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
    [2010/09/01 14:06:11 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/09/01 14:06:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/09/01 14:00:24 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll

    ========== LOP Check ==========

    [2012/04/19 20:06:51 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\3Dconnexion
    [2011/01/08 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Acme Photo ScreenSaver Maker
    [2012/05/28 17:07:32 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\BitTorrent
    [2010/09/07 18:55:18 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Broadcom
    [2012/07/24 20:01:51 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Canneverbe Limited
    [2012/05/28 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\com.adobe.WidgetBrowser
    [2011/10/22 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\DassaultSystemes
    [2010/11/28 19:26:31 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\EDrawings
    [2010/09/07 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\GetRightToGo
    [2012/07/24 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\ImgBurn
    [2010/10/31 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Leadertech
    [2012/02/27 19:30:12 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\LimeWire
    [2010/11/25 19:24:24 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Luxology
    [2012/05/28 19:23:19 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\PACE Anti-Piracy
    [2012/03/22 21:39:02 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Peachtree
    [2012/05/28 19:24:21 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/07/23 12:41:07 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\TrueCrypt
    [2010/09/07 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\Wave Systems Corp
    [2011/05/11 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\webex
    [2011/10/23 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Craig Lick\AppData\Roaming\x-formation
    [2012/08/04 16:12:55 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:SelsBHa6ZApS7qDLZ
    @Alternate Data Stream - 1188 bytes -> C:\Program Files\Common Files\Microsoft Shared:CIkCIaU1DUKs6txKbReTFWe
    @Alternate Data Stream - 1101 bytes -> C:\ProgramData\Microsoft:4rNrgZNwpXNbX9cRvNfyCmv
    < End of report >
  23. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
      O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
      O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
      O15 - HKU\S-1-5-21-3786357333-3721308993-2941691671-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:SelsBHa6ZApS7qDLZ
      @Alternate Data Stream - 1188 bytes -> C:\Program Files\Common Files\Microsoft Shared:CIkCIaU1DUKs6txKbReTFWe
      @Alternate Data Stream - 1101 bytes -> C:\ProgramData\Microsoft:4rNrgZNwpXNbX9cRvNfyCmv
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  24. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3786357333-3721308993-2941691671-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rhapsody.com\rhap-app-4-0\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3786357333-3721308993-2941691671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rhapsody.com\rhapreg\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\ProgramData\Microsoft:SelsBHa6ZApS7qDLZ deleted successfully.
    ADS C:\Program Files\Common Files\Microsoft Shared:CIkCIaU1DUKs6txKbReTFWe deleted successfully.
    ADS C:\ProgramData\Microsoft:4rNrgZNwpXNbX9cRvNfyCmv deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Craig Lick
    ->Temp folder emptied: 78554326 bytes
    ->Temporary Internet Files folder emptied: 163062845 bytes
    ->Java cache emptied: 1632740 bytes
    ->Google Chrome cache emptied: 44445451 bytes
    ->Flash cache emptied: 84581 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 77802 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
    RecycleBin emptied: 918 bytes

    Total Files Cleaned = 275.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Craig Lick
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Craig Lick
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08052012_004015
    Files\Folders moved on Reboot...
    C:\Users\Craig Lick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Craig Lick\AppData\Local\Temp\~DFF381BC66038DC17C.TMP not found!
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS7G9FT5\google_com[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCW2H15V\RteFrame_16.4.9814.0801[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCW2H15V\xmlProxy[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBOXY5J8\ads[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBOXY5J8\navbar[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYLI9BHN\AjaxHistoryFrame[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYLI9BHN\fastbutton[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYLI9BHN\flextag[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4A4FUL7\resourcespreload[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4A4FUL7\search[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HB6M29IY\ads[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETQ8IV3L\bidvertiser[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETQ8IV3L\LocalStorage[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETQ8IV3L\Messenger[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2AT8FDO\xmlProxy[2].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1WNRWOC\comment-iframe[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1WNRWOC\xmlProxy[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB9AJG6M\ads[2].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB9AJG6M\bidvertiser[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93TXD0U3\bidvertiser[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93TXD0U3\default[1].htm moved successfully.
    C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93TXD0U3\ifr[1].htm moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_WORKSTATION$\1704 not found!
    File move failed. C:\Windows\temp\FwProxyError.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    File C:\Users\Craig Lick\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Craig Lick\AppData\Local\Temp\~DFF381BC66038DC17C.TMP not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS7G9FT5\google_com[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCW2H15V\RteFrame_16.4.9814.0801[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCW2H15V\xmlProxy[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBOXY5J8\ads[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBOXY5J8\navbar[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYLI9BHN\AjaxHistoryFrame[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYLI9BHN\fastbutton[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYLI9BHN\flextag[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4A4FUL7\resourcespreload[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4A4FUL7\search[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HB6M29IY\ads[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETQ8IV3L\bidvertiser[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETQ8IV3L\LocalStorage[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETQ8IV3L\Messenger[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2AT8FDO\xmlProxy[2].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1WNRWOC\comment-iframe[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1WNRWOC\xmlProxy[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB9AJG6M\ads[2].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB9AJG6M\bidvertiser[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93TXD0U3\bidvertiser[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93TXD0U3\default[1].htm not found!
    File C:\Users\Craig Lick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93TXD0U3\ifr[1].htm not found!
    File C:\Windows\temp\hsperfdata_WORKSTATION$\1704 not found!
    [2010/11/25 22:33:35 | 000,000,000 | ---- | M] () C:\Windows\temp\FwProxyError.log : Unable to obtain MD5
    [2012/08/05 00:46:52 | 000,000,000 | ---- | M] () C:\Windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D : Unable to obtain MD5
    Registry entries deleted on Reboot...
  25. clickbang

    clickbang Newcomer, in training Topic Starter Posts: 30

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Trend Micro Client/Server Security Agent Antivirus
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 20.0.1132.57
    Google Chrome 21.0.1180.60
    Google Chrome plugins...
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
    Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
    Trend Micro Client Server Security Agent Misc xpupg.exe
    Trend Micro Client Server Security Agent pccntupd.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

