System Check virus removed but Internet not working

By nautilus808
Feb 8, 2012

    I think they are all the same:
    21:32:57.0201 4004 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
    21:32:57.0205 4004 ============================================================
    21:32:57.0205 4004 Current date / time: 2012/02/09 21:32:57.0205
    21:32:57.0205 4004 SystemInfo:
    21:32:57.0205 4004
    21:32:57.0205 4004 OS Version: 6.0.6002 ServicePack: 2.0
    21:32:57.0205 4004 Product type: Workstation
    21:32:57.0205 4004 ComputerName: PONDALEX-PC
    21:32:57.0206 4004 UserName: Pondalex
    21:32:57.0206 4004 Windows directory: C:\Windows
    21:32:57.0206 4004 System windows directory: C:\Windows
    21:32:57.0206 4004 Processor architecture: Intel x86
    21:32:57.0206 4004 Number of processors: 4
    21:32:57.0206 4004 Page size: 0x1000
    21:32:57.0206 4004 Boot type: Normal boot
    21:32:57.0206 4004 ============================================================
    21:32:57.0872 4004 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:32:57.0874 4004 Drive \Device\Harddisk1\DR2 - Size: 0xEEBF8000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:32:57.0875 4004 \Device\Harddisk0\DR0:
    21:32:57.0875 4004 MBR used
    21:32:57.0875 4004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
    21:32:57.0875 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x48A3C000
    21:32:57.0875 4004 \Device\Harddisk1\DR2:
    21:32:57.0876 4004 MBR used
    21:32:57.0876 4004 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x775AC1
    21:32:57.0938 4004 Initialize success
    21:32:57.0938 4004 ============================================================
    21:33:10.0035 6016 ============================================================
    21:33:10.0035 6016 Scan started
    21:33:10.0035 6016 Mode: Manual;
    21:33:10.0035 6016 ============================================================
    21:33:23.0144 6016 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    21:33:23.0151 6016 uliahci - ok
    21:33:23.0192 6016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    21:33:23.0198 6016 UlSata - ok
    21:33:23.0213 6016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    21:33:23.0218 6016 ulsata2 - ok
    21:33:23.0265 6016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    21:33:23.0269 6016 umbus - ok
    21:33:23.0314 6016 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    21:33:23.0395 6016 USBAAPL - ok
    21:33:23.0429 6016 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    21:33:23.0433 6016 usbaudio - ok
    21:33:23.0463 6016 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
    21:33:23.0508 6016 usbbus - ok
    21:33:23.0556 6016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:33:23.0561 6016 usbccgp - ok
    21:33:23.0586 6016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    21:33:23.0591 6016 usbcir - ok
    21:33:23.0637 6016 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
    21:33:23.0714 6016 UsbDiag - ok
    21:33:23.0745 6016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:33:23.0749 6016 usbehci - ok
    21:33:23.0776 6016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    21:33:23.0781 6016 usbhub - ok
    21:33:23.0816 6016 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
    21:33:23.0864 6016 USBModem - ok
    21:33:23.0901 6016 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    21:33:23.0904 6016 usbohci - ok
    21:33:23.0943 6016 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    21:33:23.0948 6016 usbprint - ok
    21:33:23.0982 6016 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    21:33:23.0986 6016 usbscan - ok
    21:33:24.0020 6016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:33:24.0023 6016 USBSTOR - ok
    21:33:24.0037 6016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:33:24.0041 6016 usbuhci - ok
    21:33:24.0076 6016 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    21:33:24.0082 6016 usbvideo - ok
    21:33:24.0106 6016 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:33:24.0109 6016 vga - ok
    21:33:24.0139 6016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    21:33:24.0145 6016 VgaSave - ok
    21:33:24.0173 6016 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    21:33:24.0178 6016 viaagp - ok
    21:33:24.0200 6016 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    21:33:24.0203 6016 ViaC7 - ok
    21:33:24.0225 6016 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    21:33:24.0228 6016 viaide - ok
    21:33:24.0236 6016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    21:33:24.0241 6016 volmgr - ok
    21:33:24.0284 6016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    21:33:24.0290 6016 volmgrx - ok
    21:33:24.0340 6016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    21:33:24.0344 6016 volsnap - ok
    21:33:24.0372 6016 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    21:33:24.0376 6016 vsmraid - ok
    21:33:24.0406 6016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    21:33:24.0408 6016 WacomPen - ok
    21:33:24.0435 6016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:33:24.0441 6016 Wanarp - ok
    21:33:24.0443 6016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:33:24.0444 6016 Wanarpv6 - ok
    21:33:24.0481 6016 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    21:33:24.0483 6016 Wd - ok
    21:33:24.0518 6016 Wdf01000 (a1bd4ad37b361199dc326cccc9c179de) C:\Windows\system32\drivers\Wdf01000.sys
    21:33:24.0529 6016 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: a1bd4ad37b361199dc326cccc9c179de, Fake md5: b6f0a7ad6d4bd325fbcd8bac96cd8d96
    21:33:24.0530 6016 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
    21:33:24.0530 6016 Wdf01000 - detected Virus.Win32.Rloader.a (0)
    21:33:24.0803 6016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    21:33:24.0835 6016 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    21:33:24.0835 6016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    21:33:24.0840 6016 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
    21:33:24.0843 6016 \Device\Harddisk1\DR2 - ok
    21:33:24.0873 6016 Boot (0x1200) (a438bc4003d97eebffe169bc38275383) \Device\Harddisk0\DR0\Partition0
    21:33:24.0874 6016 \Device\Harddisk0\DR0\Partition0 - ok
    21:33:24.0886 6016 Boot (0x1200) (f68e6ccd177415f807a3da52aee8e297) \Device\Harddisk0\DR0\Partition1
    21:33:24.0887 6016 \Device\Harddisk0\DR0\Partition1 - ok
    21:33:24.0890 6016 Boot (0x1200) (21b0ad21697a028123440288b18134c3) \Device\Harddisk1\DR2\Partition0
    21:33:24.0891 6016 \Device\Harddisk1\DR2\Partition0 - ok
    21:33:24.0891 6016 ============================================================
    21:33:24.0891 6016 Scan finished
    21:33:24.0891 6016 ============================================================
    21:33:24.0901 5240 Detected object count: 2
    21:33:24.0901 5240 Actual detected object count: 2
    21:33:54.0294 5240 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
    21:34:00.0776 5240 Backup copy not found, trying to cure infected file..
    21:34:00.0779 5240 Cure success, using it..
    21:34:00.0789 5240 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
    21:34:00.0789 5240 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
    21:34:00.0910 5240 \Device\Harddisk0\DR0\# - copied to quarantine
    21:34:00.0911 5240 \Device\Harddisk0\DR0 - copied to quarantine
    21:34:00.0972 5240 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    21:34:00.0975 5240 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
    21:34:00.0979 5240 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
    21:34:00.0982 5240 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
    21:34:00.0985 5240 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
    21:34:01.0031 5240 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
    21:34:01.0035 5240 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
    21:34:01.0038 5240 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
    21:34:01.0041 5240 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
    21:34:01.0093 5240 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    21:34:01.0101 5240 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    21:34:01.0104 5240 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    21:34:01.0108 5240 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    21:34:01.0111 5240 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
    21:34:01.0115 5240 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
    21:34:01.0118 5240 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
    21:34:01.0123 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    21:34:01.0123 5240 \Device\Harddisk0\DR0 - ok
    21:34:01.0243 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
    21:34:26.0285 2516 Deinitialize success
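An added example (not part of the thread and not the tool's own code): a small Python triage script for a TDSSKiller log like the one posted above. It pulls out the non-ok verdicts, pairs each detection with any "Forged" MD5 mismatch logged for the same file, records the chosen action, and checks the result against the log's own "Detected object count" line. The line patterns are inferred from this log only, and the function and field names are made up for the example.

```python
import re

# Sample input: lines taken from the TDSSKiller log posted above (subset).
SAMPLE_LOG = r"""
21:33:24.0518 6016 Wdf01000 (a1bd4ad37b361199dc326cccc9c179de) C:\Windows\system32\drivers\Wdf01000.sys
21:33:24.0529 6016 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: a1bd4ad37b361199dc326cccc9c179de, Fake md5: b6f0a7ad6d4bd325fbcd8bac96cd8d96
21:33:24.0530 6016 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
21:33:24.0530 6016 Wdf01000 - detected Virus.Win32.Rloader.a (0)
21:33:24.0803 6016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:33:24.0835 6016 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:33:24.0835 6016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:33:24.0840 6016 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
21:33:24.0843 6016 \Device\Harddisk1\DR2 - ok
21:33:24.0901 5240 Detected object count: 2
21:34:00.0789 5240 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
21:34:00.0789 5240 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
21:34:01.0123 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:34:01.0243 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""

# "<time> <thread id> <message>" prefix used on every log line.
LINE = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*\S)\s*$")
# Scanned object: "<name> (<md5>) <path>"; the name may itself contain "(0x1B8)".
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED = re.compile(r"^(?P<obj>.+?) \( (?P<threat>\S+) \) - infected$")
ACTION = re.compile(r"^(?P<obj>.+?) \( \S+ \) - User select action: (?P<action>\w+)$")
REBOOT = re.compile(r"^(?P<obj>.+?)(?: \( \S+ \))? - will be cured on reboot$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Return detections, the tool's reported count, and whether they agree."""
    last_seen = {}   # service name or device path -> (md5, path) from scan lines
    forged = {}      # lower-cased path -> (real_md5, fake_md5)
    detections = {}  # object as named on the "infected" line -> record
    reported = None

    def find(obj):
        # Later lines name a detection either by service name or by path.
        for rec in detections.values():
            if obj.lower() in (rec["object"].lower(), rec["path"].lower()):
                return rec
        return None

    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        msg = line["msg"]
        if (m := OBJECT.match(msg)):
            last_seen[m["name"]] = last_seen[m["path"]] = (m["md5"], m["path"])
        elif (m := FORGED.match(msg)):
            forged[m["path"].lower()] = (m["real"], m["fake"])
        elif (m := INFECTED.match(msg)):
            md5, path = last_seen.get(m["obj"], (None, m["obj"]))
            pair = forged.get(path.lower())
            detections[m["obj"]] = {
                "object": m["obj"],
                "path": path,
                "listed_md5": md5,
                "threat": m["threat"],
                "forged": {"real_md5": pair[0], "fake_md5": pair[1]} if pair else None,
                "action": None,
                "pending_reboot": False,
            }
        elif (m := ACTION.match(msg)):
            if (rec := find(m["obj"])):
                rec["action"] = m["action"]
        elif (m := REBOOT.match(msg)):
            if (rec := find(m["obj"])):
                rec["pending_reboot"] = True
        elif (m := COUNT.match(msg)):
            reported = int(m["n"])

    found = list(detections.values())
    return {
        "detections": found,
        "reported_count": reported,
        # A mismatch means the parser missed a verdict or the log is truncated.
        "count_matches": reported == len(found),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rec in result["detections"]:
        print(rec["object"], rec["threat"], rec["action"],
              "reboot pending" if rec["pending_reboot"] else "done",
              "MD5 mismatch" if rec["forged"] else "")
    print("count matches log:", result["count_matches"])
```

Any record still marked `pending_reboot` is not yet cleaned; the follow-up scans after the restart are what confirm the cure took.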
  2. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Very well.

    Post new Bootkit Remover log.

    See if aswMBR will run now.
  3. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    Some more info.....
    TDSSKiller found and cured two viruses.
    TDSSKiller created about 2000 duplicate logs that look like the one I posted....tdskiller
    It made countless folders as well. Two noteworthy folders that appear to be contained in a folder called "tdsskiller_quarantine" are mbr0000 and rtkt000.
  4. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c3700000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  5. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    aswMBR was not able to update itself since the infected computer does not have internet connection.

    aswMBR was able to scan.
    Please see below

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-09 22:27:35
    -----------------------------
    22:27:35.859 OS Version: Windows 6.0.6002 Service Pack 2
    22:27:35.859 Number of processors: 4 586 0xF0B
    22:27:35.860 ComputerName: PONDALEX-PC UserName: Pondalex
    22:27:37.108 Initialize success
    22:27:50.789 AVAST engine download error: 0
    22:27:57.270 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:27:57.272 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    22:27:57.281 Disk 0 MBR read successfully
    22:27:57.283 Disk 0 MBR scan
    22:27:57.285 Disk 0 Windows VISTA default MBR code
    22:27:57.287 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    22:27:57.293 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
    22:27:57.306 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595064 MB offset 31569920
    22:27:57.310 Disk 0 scanning sectors +1250260992
    22:27:57.382 Disk 0 scanning C:\Windows\system32\drivers
    22:28:08.280 Service scanning
    22:28:10.453 Modules scanning
    22:28:21.247 Disk 0 trace - called modules:
    22:28:21.279 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    22:28:21.283 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a83eac8]
    22:28:21.287 3 CLASSPNP.SYS[8e9c28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89b44028]
    22:28:21.291 Scan finished successfully
    22:29:49.958 Disk 0 MBR has been saved successfully to "C:\Users\Pondalex\Desktop\MBR.dat"
    22:29:49.967 The log file has been saved successfully to "C:\Users\Pondalex\Desktop\aswMBR log.txt"
  6. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    All those logs look good now.

    We'll see about your internet connection.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    I have McAfee, how do I disable it?
  8. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    It's included in Combofix instruction if you read them carefully as you should:
  9. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    I uninstalled McAfee but Combofix still indicates that it is running
  10. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    I got a message from MS Windows indicating that "freeware implementation of XCACLS has stopped working"

    Combofix ran all night. It was a blue screen that said ' scanning for infected files.........this takes 10 minutes, however may take longer with badly infected machines......."

    All programs shut down before running Combofix. McAfee uninstalled, but when Combofix starts up it says that McAfee antivirus and antispyware is running?
  11. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    Tried to run Combofix a second time. Got a message saying recycle bin is corrupted, do you want to delete these files? I said yes....
     
  12. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Don't worry about it.

    Good.
  13. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    Combofix won't get past "however this scan times take a long time for badly infected machines may easily double....."
  14. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    ...
  15. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    Also the computer beeps 2 times when I initiate Combofix..
    It also repeats the message " recycle bin is corrupted. do you want to empty.....
  16. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Did you say "Yes"?
    Then read my previous reply.
  17. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    Got it! Thanks for all your time. Running from safe mode.......
  18. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Cool............
  19. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    I ran Rkill. Here is the log sheet:
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/10/2012 at 21:46:44.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conime.exe
    C:\Windows\system32\conime.exe


    Rkill completed on 02/10/2012 at 21:46:46.


    I ran Combofix from safe mode, deleted old copies, renamed combofix myname.exe

    Combofix still won't run :(
    Same message "however scan times for badly infected..........."
  20. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  21. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    OTL Extras logfile created on: 2/10/2012 10:32:18 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pondalex\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.05% Memory free
    6.23 Gb Paging File | 5.88 Gb Available in Paging File | 94.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 581.12 Gb Total Space | 402.57 Gb Free Space | 69.28% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.29 Gb Free Space | 48.57% Space Free | Partition Type: NTFS
    Drive G: | 3.72 Gb Total Space | 3.51 Gb Free Space | 94.21% Space Free | Partition Type: FAT32

    Computer Name: PONDALEX-PC | User Name: Pondalex | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2359270729-473054158-1944764805-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== Vista Active Open Ports Exception List ==========
  22. nautilus808


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{051BBB80-25F6-46F0-AC34-150508186EF3}" = lport=137 | protocol=17 | dir=in | app=system |
    "{09042435-7FF9-492E-B2A1-F9B46656CEC1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1521D066-526B-4F03-9D8D-2C874931AECE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1825A86F-DABD-427E-B5AF-91E12CE00C96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{22348191-28F6-48C2-9C22-32D967407657}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{229F5975-0F92-4235-9528-059E3A41EE65}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{26597EEE-9585-4801-8D95-418849361F15}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{2BDF3947-841E-4670-851A-B75DE96FA459}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3044C3D0-E897-49E1-B35C-1A6EA7EAD6AB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{410785C7-1B74-468F-9990-018E2A036E3C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{488775C6-D282-4398-AFC6-5EE26D8B4E08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{49AD9618-85FB-4FAC-BF1B-DC84E965B1CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{671B0F5E-8081-49F4-AD9B-1A90677248B0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{673B0ED4-CE15-4499-A3D0-64AFFA2683DB}" = rport=138 | protocol=17 | dir=out | app=system |
    "{6A1F3CE9-8DFA-4C70-899D-34D316E08CD1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6D08AB37-F4A2-4D95-806C-FD4FDFDC3F94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6FAF47C1-3823-4DB2-B511-AEC9F6628BDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7368128D-D975-4B20-BCB2-7ADCDBB15F03}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{761A1A93-FA5A-494B-8203-397E4D5A9C95}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
    "{786AA48B-D002-4495-8C06-89664482D6B2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
    "{7B809723-4AAE-47C4-821B-280659CB2012}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{84499E54-C285-4287-9CF5-0D3B57781D8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{92F518D7-29E7-4CD9-B286-3C7B661C46DA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{992D0223-B79E-48A9-A176-44F7FBB14DC6}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{9C3B004D-9CD9-4D4D-B73E-A60D81C4244A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{A53B4D62-A100-49B4-B0B8-13DE280881AF}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A5EE9030-2AF8-48CC-99C3-F7806DB0E70A}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{AEB5AF61-ABF4-43B0-9C07-6EE95C936849}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{B35B71D1-23F1-4BB9-9930-64D12DFF64D5}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{BE95C3AE-0A8D-4E90-B99E-24D8065196C0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{BEC13FD4-FEC3-4778-80D6-EA9738BF004A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C2B7FADD-2868-43B4-B97E-7153815DE94C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CDC821F8-D965-4E46-A855-C36318215FF4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D38BCAD6-C614-4EE1-8415-A21A7FBF3D14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D5F3E7C5-641B-41DA-A929-94316658C624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{D60CF1DE-1FD0-4CC8-BE41-B3B576C457E1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{D93FD1C1-90E8-4B2F-B3B5-ED304B9E90FA}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{E3713CD6-FCFA-4E6E-94D9-6578911E273D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F6768782-6BDE-4D69-BA9F-55860120AC86}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FCFB7127-C269-4E5B-8B7C-F417C4D41FC2}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{FD5E52CE-F232-4A28-8021-82C06DA5E696}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FD992069-598A-4693-84A5-2F80879514EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{005B8E6C-987C-49C1-9523-FDF1B42104BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{02424703-F3FE-4EAC-9CBB-D606C202EC6D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{03F66638-9DF9-4EAC-964B-8E6F7A87CD5C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{059EA0E3-6DA0-4639-BF19-4C173D797025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{05D6FAF0-64CA-4B76-B0E0-094126B62BB5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{067DCFB9-CB79-4F4D-81E1-259DCCE194E7}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{072688A4-8D0F-40C1-95F6-B3359EC2CECA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{08FEB6F3-7589-4397-8ECB-D4C1B4839EDE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0D63D13F-ADE5-4D6B-8BC1-3734C33116F4}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{0EF310E8-20FE-47B6-9B59-DF02A469ED4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0F49EC18-1D8D-4071-87D6-EB0A802699DC}" = protocol=6 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
    "{1015BCEC-AD90-4907-8058-F022CB85C9FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1335493B-7031-4574-A478-72BEC92D491B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{19285FA7-23D6-4AC8-8198-23443E12FC8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1B583C20-5AE1-4EAE-973D-7C7E64200022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1DEF590C-8E93-4374-AA43-0E92817335CB}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{1E829F8F-2BC4-41C3-A66B-7333246873F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1F21D2EF-08D1-49EF-B966-D65B58A69BA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1F751DAA-AD24-4E42-8680-EEF450404C5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{214A3C33-837B-4BDC-9527-8BBEA934F6CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{216C8047-F289-4587-B9B6-D3E69CF50576}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{25C1F6A5-49C7-422D-BDD3-0020530F9CF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{25C8619E-48CE-4A57-8D04-A8F3580D18DC}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{338158E1-AEA8-4D1C-BA9F-DF48320CF022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{37D3B2EB-3641-42DB-9691-81E4EC5B4AFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{380C8045-BFC1-44A4-9580-48B3FFF068B0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{43EE059F-627D-4A77-9E2B-F2957DB54A7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4417AE54-B353-4B97-8E41-E4208AF1BC74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{443F4EAF-4B6F-4904-B367-1831E742B235}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{449C2ECB-C106-4636-8719-DFE2005F57E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4A69334E-CDDA-4080-A026-09551D996C0B}" = protocol=6 | dir=in | app=c:\users\pondalex\appdata\local\vghd\bin\virtuagirl_downloader.exe |
    "{4D558B62-42D0-4964-B87E-5E3C5A11BC9F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{4E93BCC2-A673-4BEC-9357-87652F715058}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{509B1D06-025C-46D7-B001-883D2AF936D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5438DB86-EA44-4844-8100-43B44DF75B73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{54F9BA77-6CB1-41B2-96AC-81C4111F087C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{57301A08-62E8-4300-9A8D-EBBC92F856E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5796304F-EB08-4ABC-A286-219EBE47E6A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5CD76D40-A3BB-4563-881B-A2D38B4B6938}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5DEC6572-A234-4505-BD8E-EDC824090AE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{61DD3184-2A46-4011-AA16-6995F88DD4ED}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{62D158A4-910F-4F9F-ABEC-4060E529D9E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{673EACD5-D824-4535-B3E9-B283C159EC8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{69AD5A1C-C2C9-4FD2-91EE-5E88A2A31AEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6A76B5AE-AAF4-4D25-9DB2-A7A91A25C4C3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{6AAFE5C4-D075-4356-9219-62F2E329DCCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6D5C30F6-CBB2-4267-8659-8A064AAD3AD3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{752E7C1E-2171-4DF2-90CA-762F07ACBBE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{788E6434-A493-4856-9DC9-3A2170FF1F9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{791E7868-2CF4-4C4F-90E4-A0CD6BD8AB6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8061B6E0-1DB4-4261-8388-AC5ACF830C4D}" = dir=in | app=c:\users\pondalex\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{8163699A-6195-480B-B2CB-A6081748A2EB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{85981CB7-CD78-42AC-9086-BD7CBEEF75EA}" = protocol=17 | dir=in | app=c:\program files\savetubevideo.com\savetubevideo\downloader.exe |
    "{8796D5DC-4E0F-4A46-9EDD-C4134D87BEC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{891A1427-F82B-4B24-A59D-2ED1FF9968B6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
    "{8CB0189A-06E6-4562-B5D2-6DF5EAA8F0D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{8E50812C-5662-48A9-A888-2B25693913F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{90C64C26-FF38-40D9-A392-10B277306E72}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "{92784017-8082-4B31-84AF-8700F2737B18}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
    "{93014871-42AE-4E73-B3BD-62686481D492}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{94179332-2F67-4BFF-A86F-B9571D576EEB}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{944570B1-07B5-4B42-BFD3-73D621C70CA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{954B0C52-6152-4CF4-BA8B-628BA370DCDF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{95CD36A3-20B5-4196-A23F-434CD13AA323}" = protocol=17 | dir=in | app=c:\users\pondalex\appdata\local\tversity\media server\mediaserver.exe |
    "{9CDD3DDE-07B7-47AA-A046-E317724501F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9CF070CF-D504-419D-8BA3-C6019F620C6E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{9DBF89AF-70CB-45F5-9D85-CE1A1DE080FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9E08F687-95A0-4F53-9DF0-B013074F9DC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9FE5EA73-76DB-4DE9-A912-486BDDDFC9E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A299BCD8-4E91-4596-B348-D442EE07B2C1}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{A2EAA1A6-5A85-4290-9BED-227C1E8C4F66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A40A4F73-3BB1-437B-9A21-503F65080ED5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A54374EC-5697-4DF2-991A-D45799D67995}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{A7409AED-5402-48CF-8F2C-0F131EBCA9BD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
    "{A7BE7154-6643-4322-AB77-A4873FB53C34}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{A7FC9A05-7533-4A42-A197-E6905519A83E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A82DAED0-4EC5-4A62-AE2F-48E68AED5B67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AA5A8D1E-DC7B-4B60-AAEC-A80E180A328A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ABCD1CF8-35B7-4E5D-A86C-A40D3E64EA0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ADDFB155-81DF-40FA-8A00-8F8F9398321A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AE95A1A3-6241-4FCE-B4CE-D88F08715E16}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{AF68CC17-1130-4612-B6CA-BF3839B08659}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AFC1A050-EA63-475A-81D1-F393CB9194EB}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
    "{B0F4021D-CA00-4A66-B7B9-3E76D36163AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B10090E0-86DB-4602-967D-3A91789B4593}" = protocol=17 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
    "{B1A36587-475B-441B-B8AB-FBE2E5D6210D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{B1C69675-DF85-4F6C-96AF-0BD89847BC59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B433BE7E-B420-4856-88FC-09268CF17C66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B5E6B512-45B9-45F7-927B-81D01D42F31D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{B69DB012-EB0A-4623-A6C3-CFC27536F6ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B8888E0A-5A69-401F-BDBA-C7A9255E0D40}" = protocol=6 | dir=out | app=system |
    "{B94B451F-9640-4149-B8AB-05565DC78F62}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
    "{B9BD13E4-1411-49A6-80FD-0F3DE9092A78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BD379C10-6253-492E-B8A3-673FE3BF69E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BDE5A946-04ED-436A-AA74-F60726A24B56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BE0CE706-CDF0-46F9-BCFD-928BFC3164F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BED3D035-2576-4D7B-B3FD-E17DA59F1BFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C1D8C662-160A-46C3-8673-4194C787E9E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C48D275B-2BF4-453C-9A47-7BE8246E0A9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C56607E7-D9FC-44C6-9A21-93EA777AAEF9}" = protocol=17 | dir=in | app=c:\users\pondalex\appdata\local\vghd\bin\virtuagirl_downloader.exe |
    "{C7F16776-5A42-41A1-BF70-E36EC08AB883}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{C8F0918F-55C4-406C-969A-04DA034E697A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C9417FD3-FDBD-4801-9D6C-4674FD321A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CBA6C375-BDBE-444C-9D45-207206EB9064}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{CC38840D-0271-4D8F-A511-0E388DFD3644}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CEE2C285-5A4B-43AA-BED0-B22D3C5093B1}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "{D8A3792E-191F-472D-BDD8-683A62BB4ECD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{DB1A3311-B7FC-46D7-A5BE-2EDDE43CEC77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E6429216-B62A-4746-ACCB-83A91F11CF25}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{EAB604B1-022F-4B34-9437-19AD5AAC2418}" = protocol=6 | dir=in | app=c:\users\pondalex\appdata\local\tversity\media server\mediaserver.exe |
    "{EAD2DBAB-2E62-4B3C-AC16-968CC91EBC2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EB0331F5-BE71-4843-8EC5-7AA6852F3125}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EE315075-A8BC-49B1-9C3A-D7B85ED9E03D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EFE20CFF-751D-48DD-8BED-345F09CDBAF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F1423AB2-24F1-4823-A7AF-63CE46863D72}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{F3B828B4-82E4-4B53-992A-9A1A9A90BF75}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
    "{F3F41D3B-F311-43CF-8D0A-27A21EA32C68}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{F504C771-E86D-4CC2-A893-69F1D74283AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F87EC578-2C58-4D88-9309-95D5BAEAACA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F8C5A295-B08B-4D8E-8957-6379306211D0}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{F8C823CE-8CB0-471B-8B83-56432CB599BB}" = protocol=6 | dir=in | app=c:\program files\savetubevideo.com\savetubevideo\downloader.exe |
    "{F8D93206-D552-4126-AC20-B34A2C1B9579}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{FB3AB1B7-6A89-4B47-A94E-75FF51D5B6BB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{FBC3BC35-C9D0-4536-A03D-74E2ED3BD046}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FCFA8A59-C851-4505-AEF4-5A4EC385E922}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{FE04D13B-5EA4-4C97-B33A-357142496FDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FEE62167-2D17-48DC-8D60-1FAC6F22E1C2}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{FFEF78C9-30C3-40C4-9064-C1D5A32E3C3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{1E0A0A18-3E5E-46DE-97D9-032F1CB88743}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
    "TCP Query User{24CDCCAE-30C5-4EE7-A158-3A538F0014EB}C:\program files\dylogic\vision\bin\vision.exe" = protocol=6 | dir=in | app=c:\program files\dylogic\vision\bin\vision.exe |
    "TCP Query User{5145181B-CD05-4B97-A64F-C6FD43351EDD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{80606018-B02E-44A1-902F-C43783C44D8D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{943C8E04-93B3-4F91-ABF5-BEFC0D6E0DD6}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{A6955BFF-0ADC-42C7-B14D-212E1817EFE4}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
    "TCP Query User{AEA52364-85F4-4EFD-A25F-1EE7E6E02323}C:\program files\dylogic\vision\bin\vision.exe" = protocol=6 | dir=in | app=c:\program files\dylogic\vision\bin\vision.exe |
    "UDP Query User{1FF73E11-E0DB-4739-B249-3C19BEACFE34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{2F65793E-DF00-427E-AE9F-EAEF2BABCEED}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
    "UDP Query User{3C44C0CA-1FB1-43FF-A720-3318039C0224}C:\program files\dylogic\vision\bin\vision.exe" = protocol=17 | dir=in | app=c:\program files\dylogic\vision\bin\vision.exe |
    "UDP Query User{99668303-6933-4629-AD7D-212C79336851}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{B66A14A5-F742-4B8F-8FDA-FAE5271AFEBC}C:\program files\dylogic\vision\bin\vision.exe" = protocol=17 | dir=in | app=c:\program files\dylogic\vision\bin\vision.exe |
    "UDP Query User{C10F8CB3-4845-44BD-8C83-ABB480A7F837}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
    "UDP Query User{E43C185C-1D7F-4D6F-B377-AEAC01A5C564}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional
    "{045DB95B-F123-B440-D999-AD083AA55196}" = CCC Help German
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French
    "{11CB6E0D-FFB2-7FAE-17FC-CA92BEE8F24A}" = Catalyst Control Center Localization Japanese
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{1400192B-D969-6FD4-8044-E2D07C5ADE3A}" = Catalyst Control Center Localization German
    "{14BD87BE-02AA-8E04-602C-B20A43267F5B}" = CCC Help Japanese
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1662D4E1-B469-D6A3-085B-0B5350BF7CA5}" = Catalyst Control Center Localization Italian
    "{168879EE-A348-BFB7-3622-3651449C629F}" = CCC Help Italian
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
    "{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
    "{1B2E11A4-8566-B8C7-3FB6-0D2A6F8D2139}" = CCC Help Portuguese
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
    "{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
    "{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All
    "{2EE437A9-75E3-10D1-3633-D4E8D6043503}" = CCC Help Spanish
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CE8C77E-8703-B62E-8F7C-31F7AA97F2A7}" = Catalyst Control Center Localization French
    "{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
    "{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish
    "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
    "{4524E7FD-A547-C564-CD8F-A872F7C39029}" = CCC Help French
    "{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
    "{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German
    "{4F0CEB21-51DF-499F-95EB-FE95305A249F}" = CASC
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish
    "{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{620797B0-A022-4B57-A95E-DD7DD0341014}" = HideAnyWindow
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
    "{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
    "{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6E4FC36F-A7B5-EE38-2FE4-7D0D94D230F5}" = Catalyst Control Center Localization Portuguese
    "{6EF2AFEF-2044-4A85-ED1F-E70A568D7ED9}" = Catalyst Control Center Localization Turkish
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{75F8E142-7720-156D-C74C-80AA0974B993}" = CCC Help Polish
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7727DA6C-A845-890D-2B48-7863A93F167C}" = Catalyst Control Center Localization Korean
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{83AB2CBA-BEA9-C709-7FB7-AFFCD604F810}" = ATI AVIVO Codecs
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87CA11B3-C4CE-D989-42C7-C6197B266EFD}" = CCC Help Chinese Standard
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{87FADE3A-DF93-F38C-1952-05D55880B82A}" = ccc-utility
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_AccessR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_AccessR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_AccessR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
    "{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian
    "{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
    "{96976098-9527-41E4-837E-EAA1DBEADB54}" = TurboTax 2008 whiiper
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
    "{994FCE98-1379-2A33-24BC-F092466CC5C4}" = Catalyst Control Center Localization Thai
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish
    "{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Ru
  23. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{AC7C7307-6324-D891-1E53-77B00E4F0961}" = CCC Help Turkish
    "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B63B53EF-B1D5-C009-28D6-592F64707E17}" = ATI Catalyst Install Manager
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B6EECBB7-BDA4-4E52-2BD6-69D70215AC48}" = Catalyst Control Center Localization Polish
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{BB7D274A-8AFD-4E55-BDD3-DCD2A91D1B0D}" = Vision
    "{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C279E4B3-9FCD-9D82-7A83-B773C2D4E526}" = Catalyst Control Center Localization Hungarian
    "{C2D192BE-5E2C-92CF-56A0-28C7D9D67B96}" = CCC Help Hungarian
    "{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static
    "{C486C7E9-5591-8777-CEB5-FA373AFE6711}" = Catalyst Control Center Localization Spanish
    "{C57606D6-7A44-4A99-D6D0-BA07FD3ACCEA}" = Catalyst Control Center Localization Chinese Traditional
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF6F8056-3EC3-4582-A915-9BF11A82097A}" = TurboTax 2008 wnmiper
    "{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese
    "{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
    "{D3903688-F924-4AD8-B762-259CF2946C4E}" = QuickConnect
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{D973AE1D-ACB1-2C54-92FE-A29E2A7482C0}" = CCC Help Thai
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0EFA6E0-2A18-A83B-34EA-8435EFEE1285}" = CCC Help Korean
    "{E1C256F5-58C6-44E9-939A-E1189C8126E2}" = Google SketchUp Pro 7
    "{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
    "{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
    "{E53C563F-1157-20B2-1276-755A22E814D2}" = Catalyst Control Center Localization Chinese Standard
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
    "{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F56F9237-B298-48B4-BC57-2E4629987700}" = Dell DataSafe Online
    "{F6B8797E-923E-4902-9698-62937FE80FAB}" = CCC Help Chinese Traditional
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "8461-7759-5462-8226" = Vuze
    "AccessR" = Microsoft Office Access 2007
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ARO 2012_is1" = ARO 2012
    "AutoGK" = Auto Gordian Knot 2.55
    "AviSynth" = AviSynth 2.5
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "Camfrog 6.1" = Camfrog Video Chat 6.1
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "Chuck's Planted Aquarium Calculator_is1" = Chuck's Planted Aquarium Calculator v1.0i
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
    "DivXLand Media Subtitler" = DivXLand Media Subtitler
    "DPP" = Canon Utilities Digital Photo Professional 3.8
    "EOS Utility" = Canon Utilities EOS Utility
    "Excel Join (Merge, Combine) Multiple Sheets & Fi~0B6A6C16_is1" = Excel Join (Merge, Combine) Multiple Sheets & Files Into One So
    "ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
    "ffvfw" = ffvfw (uninstall only)
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "GPG4Win" = Gpg4win (2.1.0)
    "GridinSoft Trojan Killer" = Trojan Killer
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "KidLogger_is1" = KidLogger PRO 5.6.3
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
    "LimeWire" = LimeWire 5.2.13
    "lvdrivers_11.90" = Logitech QuickCam Driver Package
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "mIRC" = mIRC
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Orb" = Winamp Remote
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "PhotoScape" = PhotoScape
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "PokerStars" = PokerStars
    "PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
    "QwestQuickCare_is1" = Qwest Quickcare 2.5
    "RealPlayer 12.0" = RealPlayer
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "TrueCrypt" = TrueCrypt
    "TurboTax 2008" = TurboTax 2008
    "TVersity Codec Pack" = TVersity Codec Pack 1.4
    "TVersity Media Server" = TVersity Media Server 1.9.3
    "TVersitybar Toolbar" = TVersitybar Toolbar
    "Uniblue RegistryBooster" = Uniblue RegistryBooster
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "VLC media player" = VLC media player 0.9.2
    "VobSub" = VobSub v2.23 (Remove Only)
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Webcam Simulator_is1" = Webcam Simulator 5.3
    "WFTK" = Canon Utilities WFT Utility
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "Google Chrome" = Google Chrome
    "VirtuaGirl_is1" = VirtuaGirl version 1.0.8.0

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  24. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    OTL logfile created on: 2/10/2012 10:32:18 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pondalex\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.05% Memory free
    6.23 Gb Paging File | 5.88 Gb Available in Paging File | 94.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 581.12 Gb Total Space | 402.57 Gb Free Space | 69.28% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.29 Gb Free Space | 48.57% Space Free | Partition Type: NTFS
    Drive G: | 3.72 Gb Total Space | 3.51 Gb Free Space | 94.21% Space Free | Partition Type: FAT32

    Computer Name: PONDALEX-PC | User Name: Pondalex | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (StopSign Update Manager)
    SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
    SRV - [2011/03/02 08:20:58 | 000,224,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
    SRV - [2010/11/25 19:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/11/24 13:33:26 | 000,921,600 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/02/23 17:28:07 | 000,263,504 | ---- | M] (eAcceleration Corp) [Auto | Stopped] -- C:\Program Files\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
    SRV - [2009/02/23 17:28:05 | 000,111,952 | ---- | M] (eAcceleration Corp) [Auto | Stopped] -- C:\Program Files\eAcceleration\Framework\eac_svc.exe -- (sstsmonsvc)
    SRV - [2009/02/23 17:28:05 | 000,111,952 | ---- | M] (eAcceleration Corp) [Auto | Stopped] -- C:\Program Files\eAcceleration\Framework\eac_svc.exe -- (eac_notifysvc)
    SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/18 13:22:44 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2008/08/06 09:10:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/08/06 08:51:50 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2008/05/14 07:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
    SRV - [2008/05/14 07:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
    SRV - [2008/05/14 07:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
    SRV - [2007/10/03 12:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2012/01/29 16:45:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2012/01/04 07:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
    DRV - [2010/11/25 21:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2010/11/25 21:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2010/11/25 21:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2010/11/25 19:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/11/17 05:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
    DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2010/03/30 21:26:33 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
    DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2008/12/16 23:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/07/26 15:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
    DRV - [2008/07/26 08:25:58 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
    DRV - [2008/07/26 08:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2007/09/12 01:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/06/15 09:28:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/04/21 07:15:42 | 000,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tenCapture.sys -- (tenCapture)
    DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========



    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Pondalex\AppData\Roaming\nprhapengine.dll File not found
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pondalex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pondalex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pondalex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:02:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF

    [2010/09/06 11:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Extensions
    [2009/08/30 18:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/06/29 21:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Firefox\Profiles\gube1t88.default\extensions
    [2010/06/13 21:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Firefox\Profiles\gube1t88.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/11/25 08:05:30 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Firefox\Profiles\gube1t88.default\extensions\toolbar@ask.com
    [2010/03/27 14:56:33 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
    CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: SiteAdvisor = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
    CHR - Extension: Click to call with Skype = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
    CHR - Extension: Gmail = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2011/10/09 08:21:32 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [hxmihOGCcujDAx.exe] C:\ProgramData\hxmihOGCcujDAx.exe File not found
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [MS Shell Services] C:\Program Files\KidLogger\Kidlogger.exe (Tesline-service)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe (Support.com, Inc.)
    O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [Camfrog] C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.)
    O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [CamfrogServer60] "C:\Program Files\Camfrog\Camfrog Server 6.0\CamfrogServer.exe" 0 C:\Program Files\Camfrog\Camfrog Server 6.0\CamfrogServer.exe File not found
    O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [Facebook Update] C:\Users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [MS Shell Services] C:\Program Files\KidLogger\Kidlogger.exe (Tesline-service)
    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Pondalex\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51B9B62-F667-49E2-9FBB-5E27E22E0B87}: NameServer = 192.168.2.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Pondalex\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Pondalex\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/05/09 21:10:08 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009/05/09 21:10:08 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{3c44b837-9004-11dd-9a75-001ec951d625}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c44b837-9004-11dd-9a75-001ec951d625}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{a591c8c6-11bc-11de-9b21-b397ca9d42d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a591c8c6-11bc-11de-9b21-b397ca9d42d4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{b1130fb6-63ac-11dd-a1d9-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{b1130fb6-63ac-11dd-a1d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\MONITOR.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  25. nautilus808

    nautilus808 Newcomer, in training Topic Starter Posts: 60

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.fvfw - C:\Windows\System32\ffvfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/10 22:28:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
    [2012/02/10 21:47:53 | 000,000,000 | --SD | C] -- C:\pondalex.exe
    [2012/02/10 21:42:15 | 004,400,207 | R--- | C] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
    [2012/02/10 21:40:02 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
    [2012/02/09 23:12:28 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{4C1E80EB-0CE3-47E1-B285-2497918556EA}
    [2012/02/09 21:40:22 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A212E0D0-ED22-437B-A26A-4024B8CA0954}
    [2012/02/09 21:33:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/09 20:52:40 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{41A808CF-B1B1-4A56-943B-A2C051B54CE7}
    [2012/02/08 22:07:55 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
    [2012/02/08 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\FixTDSS
    [2012/02/08 21:42:16 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{085C0C62-9B01-457D-A3E1-D8DD9E54483C}
    [2012/02/08 21:36:40 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
    [2012/02/07 23:01:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{3E46A29A-6D77-46D0-8020-0E344BAFD700}
    [2012/02/07 22:53:09 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{964E2C7A-4349-40B9-9648-40795122C323}
    [2012/02/07 21:17:06 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{AD07AE29-C492-4FAD-BC21-3365F627DD40}
    [2012/02/07 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{4D63A5AA-817B-4E57-8F90-1989811D3877}
    [2012/02/07 20:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/02/06 22:38:53 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{59B9D6FD-561B-4CE4-B90C-E54743CCDCD6}
    [2012/02/06 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{7E11F4BE-CB8C-409A-983B-DF322FC48828}
    [2012/02/06 20:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
    [2012/02/06 20:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2012/02/06 20:32:47 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{541E093D-3270-44CA-A5B4-5D71E3127B4C}
    [2012/02/05 22:02:38 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{04599384-2DEE-4E8D-B453-EEADBF258CE1}
    [2012/02/05 21:29:31 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{24661336-3BF1-4643-BDD7-66CC6C9E313D}
    [2012/02/05 10:58:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{188C5182-736B-4053-9155-A9E719886097}
    [2012/02/05 10:31:56 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0AADBA10-9FF0-4C79-9832-5531C3AF416D}
    [2012/02/05 10:06:11 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\Desktop\New Folder
    [2012/02/05 09:43:13 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{D5774097-16F7-48DC-9D35-D4C0F7BAB0D7}
    [2012/02/05 01:48:30 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{1DB7B744-17E3-4D71-AAEA-AA3227FCF25E}
    [2012/02/05 01:26:21 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{46FDA7CF-52BF-4EF2-A510-CE78A304E4F7}
    [2012/02/05 01:21:01 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{74EAEF6A-D7E0-49E7-90E3-48934911B8B5}
    [2012/02/04 22:25:23 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\Desktop\Downloads
    [2012/02/04 22:25:17 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\GetRightToGo
    [2012/02/04 22:07:49 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E6772F27-47C5-458A-BCDA-A199A76DF805}
    [2012/02/04 20:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2012/02/04 18:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/04 18:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2012
    [2012/02/04 18:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012
    [2012/02/04 17:57:39 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{3F65F7E4-D45B-40DB-8BAB-6BC67E1C89CA}
    [2012/02/04 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{B157629C-15F6-4E32-B6C0-0B83A92CAAC9}
    [2012/02/04 15:56:13 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/02/04 15:38:55 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{80BB24DD-1BCD-43D3-A561-812CC7243FD1}
    [2012/02/03 22:24:13 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{95A66B5E-0BFB-4E9B-843E-3CFB99B6D2C5}
    [2012/02/03 22:23:50 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{5D97F6D4-7F12-492B-9E4D-E252820A1803}
    [2012/02/03 12:05:29 | 000,000,000 | R--D | C] -- C:\Users\Pondalex\Downloads\Documents\Videos
    [2012/02/03 10:23:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{DCB66558-8F82-42A6-8A27-12CB45D9BECB}
    [2012/02/03 10:22:41 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0F311329-1D80-485C-85F5-F0B5A6EBBDE4}
    [2012/02/02 19:40:38 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0EAE513F-9D34-4A8E-AA05-30D686FBB003}
    [2012/02/02 19:40:19 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0DBA32FE-10F5-43F6-9683-2C9A863D7824}
    [2012/02/01 20:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/02/01 19:13:02 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\Ota
    [2012/02/01 19:13:02 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\Nelyu
    [2012/02/01 14:17:51 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{359AF589-505B-4B60-B9CB-71038A34D314}
    [2012/02/01 14:17:29 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0DC162EA-D7BD-485E-BF47-5EC137E4B42F}
    [2012/02/01 02:16:51 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{13CC314C-BACC-403E-BBEA-641396E96A6B}
    [2012/01/31 14:16:08 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A9C3A606-A6A3-4A63-AE47-85DA38049CF6}
    [2012/01/31 14:15:47 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{6CB86C0F-0068-41B5-A08A-22385BD70876}
    [2012/01/29 20:50:56 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\gtk-2.0
    [2012/01/29 18:33:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\GNU
    [2012/01/29 18:33:32 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\.kde
    [2012/01/29 18:15:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Gpg4win Documentation
    [2012/01/29 18:15:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\gnupg
    [2012/01/29 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\GNU
    [2012/01/29 18:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\GNU
    [2012/01/29 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\container
    [2012/01/29 16:50:00 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\TrueCrypt
    [2012/01/29 16:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
    [2012/01/29 16:45:40 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
    [2012/01/29 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
    [2012/01/29 12:32:16 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{52CB9669-77D3-413B-9D61-ECE6BC9F29A7}
    [2012/01/29 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{CD8F7FD8-0EF7-4135-8A73-6C9BA8415985}
    [2012/01/28 11:33:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\Facebook
    [2012/01/28 11:04:50 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{450C322D-9F73-4EF3-8136-F454104AC979}
    [2012/01/27 23:04:25 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{63463D14-0E19-48F1-9D9D-D5BB9B480F34}
    [2012/01/27 11:04:01 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{F76E2ABD-1FBE-4361-A7FD-36465A81FDF3}
    [2012/01/26 23:03:24 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{5EBAB220-6565-4A5D-92E3-BDAC77A73FAF}
    [2012/01/26 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{9C70268A-F531-4106-8A11-0B74E498C845}
    [2012/01/25 18:56:33 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{5A16FE21-B5DD-419A-81C0-985FD678EB0C}
    [2012/01/24 22:01:39 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{19876D57-CE39-472D-A1FA-F693FB18E2FB}
    [2012/01/24 22:01:26 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{EBD38DB3-E564-4508-A0ED-442B7C1B54BA}
    [2012/01/24 10:00:40 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{21B8CD8C-0341-4A8A-ABAE-2EF6DFEE27C9}
    [2012/01/24 10:00:28 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{FDD3973D-12DA-4972-98D3-3B342E91E898}
    [2012/01/23 23:28:10 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\Desktop\httpkpvz7ki2v5agwt35.onionwikiindex.phpMain_Page#Erotica
    [2012/01/23 21:56:34 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\Desktop\Tor Browser
    [2012/01/23 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\tor
    [2012/01/23 19:07:41 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{111570F8-035E-421C-BCAB-1C2752303C3D}
    [2012/01/23 03:00:49 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{3CEDED40-20FF-48B8-86B5-589BCECA7F3F}
    [2012/01/22 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A1D4ED5D-6EE0-4947-AA92-19ACC41697D2}
    [2012/01/22 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E2D6C90D-2862-449F-8C44-74B9033D5918}
    [2012/01/19 22:58:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/01/18 22:28:54 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{2D4F27E2-80EC-4BFA-8EA3-746B60F4DF0C}
    [2012/01/18 10:28:29 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{AD6E778B-4E10-4843-B6C9-F21EB81EDA8B}
    [2012/01/17 22:28:04 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{584E303E-FD93-495F-B6D6-5EBA9D2C1580}
    [2012/01/17 10:27:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0FAA8F22-ACD9-4400-B04F-993B092C27AD}
    [2012/01/16 22:27:10 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{132EC03E-46F6-4C91-BAF7-9635D5E47357}
    [2012/01/16 22:26:55 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{DC3D7650-C3DA-4566-9595-EA65D7323286}
    [2012/01/16 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{370A96D5-5ABB-444B-85B8-0071E78BCE5B}
    [2012/01/16 10:26:15 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{13466D02-201F-4D34-BCDE-2E6EA8CC2B8B}
    [2012/01/15 22:25:47 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{8156DB1D-172E-4E63-B943-7654B7BBCE91}
    [2012/01/15 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{42DFC0C3-32A7-45D0-B189-E5EA66CDBAD5}
    [2012/01/15 10:25:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local

