Win64/sirefef virus help!

Solved
By CheeseJam
Jul 1, 2012
  1. Like many here, I too have this sirefef virus (appears to be at least a trojan). My computer keeps restarting after booting. I have a Windows 7 64 bit computer. I followed initial similar instructions in other threads:

    "For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply."
    Here is my pasted text, thanks for the help!

    Scan result of Farbar Recovery Scan Tool Version: 30-06-2012 04
    Ran by SYSTEM at 30-06-2012 23:48:00
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2779432 2011-12-26] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167704 2011-10-20] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [392472 2011-10-20] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [416024 2011-10-20] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12661352 2011-07-31] (Realtek Semiconductor)
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [VirtualCloneDrive] "D:\Programs\VirtualCloneDrive\VCDDaemon.exe" /s [x]
    HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] "D:\Programs\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]
    HKU\Robert\...\Run: [MusicManager] "C:\Users\Robert\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
    HKU\Robert\...\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe [226816 2011-12-02] (Unified Remote)
    HKU\Robert\...\Run: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-25] (Google Inc.)
    HKU\Robert\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-19] (BitTorrent, Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
    ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
    Startup: C:\Users\Robert\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    2 ExpressCache; "C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe" [79664 2011-09-22] (Diskeeper Corporation)
    3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656536 2011-05-05] (Intel Corporation)
    3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
    2 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
    3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
    3 CoordinatorServiceHost; C:\Programs\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
    4 PDMWorks Workgroup Server; C:\Programs\SolidWorks\Vault\pdmwService.exe [x]
    2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [x]
    2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]

    ========================== Drivers (Whitelisted) =============

    3 acpials; C:\Windows\System32\Drivers\acpials.sys [9728 2009-07-13] (Microsoft Corporation)
    3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
    3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31216 2011-08-16] (CyberLink Corporation)
    1 excfs; C:\Windows\System32\Drivers\excfs.sys [23344 2011-09-22] (Diskeeper Corporation)
    0 excsd; C:\Windows\System32\Drivers\excsd.sys [80688 2011-09-22] (Diskeeper Corporation)
    3 FlashUSB; C:\Windows\system32\drivers\FlashUSB_x64.sys [19968 2010-12-20] (Danish Wireless Design A/S)
    1 SABI; C:\Windows\System32\Drivers\SABI.sys [13824 2009-05-27] (SAMSUNG ELECTRONICS)
    2 SGDrv; C:\Windows\system32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
    3 shspusb; C:\Windows\system32\drivers\HSPUSB.sys [24064 2010-12-20] (MobileTop)
    3 ssaebus; C:\Windows\System32\Drivers\ssaebus.sys [136264 2010-12-20] (MCCI Corporation)
    3 ssaeunic; C:\Windows\System32\Drivers\ssaeunic.sys [178760 2010-12-20] (MCCI Corporation)
    3 sscdserd; C:\Windows\System32\Drivers\sscdserd.sys [141384 2010-12-20] (MCCI Corporation)
    3 ssceserd; C:\Windows\System32\Drivers\ssceserd.sys [129024 2010-12-20] (MCCI Corporation)
    3 ssm_bus; C:\Windows\System32\Drivers\ssm_bus.sys [136192 2010-12-20] (MCCI Corporation)
    3 ssm_mdm; C:\Windows\System32\Drivers\ssm_mdm.sys [172032 2010-12-20] (MCCI Corporation)
    3 ssuddmgr; C:\Windows\System32\Drivers\ssuddmgr.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 ssudobex; C:\Windows\System32\Drivers\ssudobex.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 ssudserd; C:\Windows\System32\Drivers\ssudserd.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 ss_bbus; C:\Windows\System32\Drivers\ss_bbus.sys [127488 2010-12-20] (MCCI)
    3 ss_bserd; C:\Windows\System32\Drivers\ss_bserd.sys [128000 2010-12-20] (MCCI Corporation)
    3 ss_bus; C:\Windows\System32\Drivers\ss_bus.sys [127488 2010-12-20] (MCCI Corporation)
    3 ViaUsbEtsDriver; C:\Windows\System32\drivers\ViaUsbEts.sys [21760 2008-05-29] (Via Telecom, Inc.)
    3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-30 23:47 - 2012-06-30 23:48 - 00000000 ____D C:\FRST
    2012-06-30 22:21 - 2012-06-30 22:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26551EFC42F92159
    2012-06-30 22:21 - 2012-06-30 22:21 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ztgdaepm.sys
    2012-06-30 22:18 - 2012-06-30 22:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B2FCBDAC23F3B4E
    2012-06-30 22:14 - 2012-06-30 22:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5700CA9E4736953
    2012-06-30 22:13 - 2012-06-30 22:15 - 00000494 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-06-30 22:13 - 2012-06-30 22:13 - 00000000 ____D C:\Users\Robert\AppData\Roaming\SpeedyPC Software
    2012-06-30 22:13 - 2012-06-30 22:13 - 00000000 ____D C:\Users\Robert\AppData\Roaming\DriverCure
    2012-06-30 22:12 - 2012-06-30 22:12 - 00001166 ____A C:\Users\Robert\Desktop\SpeedyPC Pro.lnk
    2012-06-30 22:12 - 2012-06-30 22:12 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-06-30 22:12 - 2012-06-30 22:12 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
    2012-06-30 22:11 - 2012-06-30 22:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5F905C98B4F5313
    2012-06-30 22:08 - 2012-06-30 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E7AA26374AABF56B
    2012-06-30 22:05 - 2012-06-30 22:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4F9720926DF0A61
    2012-06-30 21:59 - 2012-06-30 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9716C049E27862B6
    2012-06-30 21:53 - 2012-06-30 21:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.129217ABB62BD4E1
    2012-06-30 21:50 - 2012-06-30 21:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-30 21:50 - 2012-06-30 21:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-30 10:01 - 2012-06-30 10:01 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-06-23 14:44 - 2012-06-23 14:44 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-06-23 14:00 - 2012-06-23 14:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2012-06-23 13:56 - 2009-08-21 00:52 - 00079976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys
    2012-06-23 13:56 - 2009-08-13 21:40 - 01436920 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
    2012-06-23 13:52 - 2012-06-23 13:52 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
    2012-06-21 09:38 - 2012-06-23 18:15 - 00000000 ____D C:\Windows\rescache
    2012-06-21 08:47 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 08:47 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 08:47 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 08:47 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 08:47 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 08:47 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 08:47 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 08:47 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 08:47 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-14 08:25 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 08:25 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 08:25 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 08:25 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 08:25 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 08:25 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 08:25 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 08:25 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 08:25 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 08:25 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 08:25 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 08:25 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 08:25 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 08:25 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 08:25 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 08:25 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 08:25 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 08:25 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 08:25 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 08:25 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 08:25 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 08:25 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 08:25 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 08:25 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 08:25 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 08:25 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 08:25 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 08:25 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 06:41 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 06:41 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 06:41 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 06:41 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 06:41 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 06:41 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 06:41 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 06:41 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 06:41 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 06:41 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 06:41 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 06:41 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 06:41 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 06:41 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 06:41 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 06:41 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 06:41 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

    ============ 3 Months Modified Files ========================

    2012-06-30 22:21 - 2012-06-30 22:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26551EFC42F92159
    2012-06-30 22:21 - 2012-06-30 22:21 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ztgdaepm.sys
    2012-06-30 22:19 - 2009-07-13 21:13 - 00783224 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-30 22:18 - 2012-06-30 22:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B2FCBDAC23F3B4E
    2012-06-30 22:15 - 2012-06-30 22:13 - 00000494 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-06-30 22:15 - 2012-04-25 11:39 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-30 22:15 - 2011-11-11 12:40 - 00043664 ____A C:\Windows\setupact.log
    2012-06-30 22:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-30 22:14 - 2012-06-30 22:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5700CA9E4736953
    2012-06-30 22:12 - 2012-06-30 22:12 - 00001166 ____A C:\Users\Robert\Desktop\SpeedyPC Pro.lnk
    2012-06-30 22:11 - 2012-06-30 22:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5F905C98B4F5313
    2012-06-30 22:08 - 2012-06-30 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E7AA26374AABF56B
    2012-06-30 22:05 - 2012-06-30 22:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4F9720926DF0A61
    2012-06-30 22:04 - 2011-11-21 10:41 - 01219548 ____A C:\Windows\WindowsUpdate.log
    2012-06-30 21:59 - 2012-06-30 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9716C049E27862B6
    2012-06-30 21:53 - 2012-06-30 21:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.129217ABB62BD4E1
    2012-06-30 21:52 - 2011-12-25 11:21 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000UA.job
    2012-06-30 21:50 - 2011-11-09 13:59 - 00797374 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-30 21:50 - 2011-11-09 13:59 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-30 21:44 - 2012-04-25 11:39 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-30 12:54 - 2011-12-25 11:23 - 00002375 ____A C:\Users\Robert\Desktop\Google Chrome.lnk
    2012-06-30 09:01 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-30 09:01 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-30 07:52 - 2011-12-25 11:21 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000Core.job
    2012-06-23 14:00 - 2012-06-23 14:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2012-06-23 13:52 - 2011-12-26 07:57 - 00139583 ____A C:\Windows\DirectX.log
    2012-06-14 08:50 - 2009-07-13 20:45 - 04996032 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 08:30 - 2011-11-09 17:18 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-02 14:19 - 2012-06-21 08:47 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 08:47 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 08:47 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-21 08:47 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 08:47 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 08:47 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 08:47 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 08:47 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-21 08:47 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 10:42 - 2011-12-25 14:23 - 00001024 ____A C:\Users\Robert\Desktop\Dropbox.lnk
    2012-05-29 19:42 - 2012-05-29 19:42 - 00007605 ____A C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
    2012-05-21 21:49 - 2012-05-21 21:49 - 00262144 ____A C:\Windows\Minidump\052112-14835-01.dmp
    2012-05-19 13:08 - 2011-12-25 14:13 - 00000914 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-17 18:47 - 2012-06-14 08:25 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-14 08:25 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-14 08:25 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-14 08:25 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-14 08:25 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-14 08:25 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-14 08:25 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-14 08:25 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-14 08:25 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-14 08:25 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-14 08:25 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-14 08:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-14 08:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-14 08:25 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-14 08:25 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-14 08:25 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-14 08:25 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-14 08:25 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-14 08:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-14 08:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-14 08:25 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-14 08:25 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-14 08:25 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-14 08:25 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-14 08:25 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-14 08:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-14 08:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-14 08:25 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-13 06:41 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-07 17:59 - 2011-12-25 15:13 - 00007124 ____A C:\Windows\PFRO.log
    2012-05-05 06:53 - 2012-04-25 12:30 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-05 06:53 - 2012-04-25 11:41 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-05 06:53 - 2011-11-09 18:39 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-04 03:06 - 2012-06-13 06:41 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 06:41 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 06:41 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-02 15:42 - 2012-05-02 15:42 - 04960718 ____A C:\Users\Robert\Downloads\Pazera_Free_MKV_to_AVI_Converter.zip
    2012-04-30 21:40 - 2012-06-13 06:41 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 14:13 - 2012-04-30 14:12 - 00013821 ____A C:\Users\Robert\Documents\Install STAR WARS The Old Republic.log
    2012-04-29 22:50 - 2012-04-29 22:50 - 00525792 ____A (Microsoft Corporation) C:\Windows\DIFxAPI.dll
    2012-04-29 22:50 - 2012-04-29 22:49 - 00002338 ____A C:\RHDSetup.log
    2012-04-29 22:50 - 2012-04-29 22:49 - 00000206 ____A C:\setup.log
    2012-04-29 19:11 - 2012-04-29 19:11 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
    2012-04-27 19:55 - 2012-06-13 06:41 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 22:50 - 2012-04-25 22:50 - 00000637 ____A C:\Users\Robert\Desktop\Games.lnk
    2012-04-25 22:35 - 2012-04-25 22:35 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2012-04-25 21:41 - 2012-06-13 06:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 06:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 06:41 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 11:39 - 2012-04-25 11:39 - 00740104 ____A (Google Inc.) C:\Users\Robert\Downloads\googledrivesync.exe
    2012-04-23 21:37 - 2012-06-13 06:41 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 06:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 06:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 06:41 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 06:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 06:41 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 16:17 - 2012-04-03 13:16 - 00000971 ____A C:\Users\Public\Desktop\MATLAB R2011a.lnk
    2012-04-18 18:43 - 2012-04-18 18:43 - 05933164 ____A (Jacek Pazera ) C:\Users\Robert\Downloads\Pazera_Free_MP4_to_AVI_Converter.exe
    2012-04-07 04:31 - 2012-06-13 06:41 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-13 06:41 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-05 21:34 - 2012-04-05 21:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-04-05 21:34 - 2012-04-05 21:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-04-05 21:34 - 2012-04-05 21:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-04-05 21:33 - 2012-04-05 21:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-04-05 21:33 - 2012-04-05 21:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-04-05 21:33 - 2012-04-05 21:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-04-05 21:32 - 2012-04-05 21:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-04-05 21:32 - 2012-04-05 21:32 - 00054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-04-05 21:32 - 2012-04-05 21:32 - 00050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-04-04 21:54 - 2012-04-04 21:54 - 00001750 ____A C:\Users\Public\Desktop\iTunes.lnk


    ZeroAccess:
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\@
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\L
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\U
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\L\00000004.@
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\L\55490ac4
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\U\00000008.@
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\U\80000000.@
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\U\80000032.@
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\U\80000064.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe
    [2011-10-16 22:08] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

    C:\Windows\SysWOW64\svchost.exe
    [2011-10-16 22:08] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2011-10-16 22:08] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 10%
    Total physical RAM: 8105.55 MB
    Available physical RAM: 7283.71 MB
    Total Pagefile: 8103.75 MB
    Available Pagefile: 7277.2 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows) (Fixed) (Total:50 GB) (Free:8.41 GB) NTFS
    2 Drive e: (TEMP_PART01) (Fixed) (Total:625.94 GB) (Free:432.39 GB) NTFS
    3 Drive f: (SAMSUNG_REC) (Fixed) (Total:22.59 GB) (Free:2.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive h: (USB20FD) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 7641 MB 0 B
    Disk 1 Online 698 GB 0 B
    Disk 2 Online 3864 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7639 MB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 73
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 50 GB 101 MB
    Partition 3 Primary 625 GB 50 GB
    Partition 4 Recovery 22 GB 676 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 50 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E TEMP_PART01 NTFS Partition 625 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 4
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F SAMSUNG_REC NTFS Partition 22 GB Healthy Hidden

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3863 MB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H USB20FD FAT32 Removable 3863 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-28 11:55

    ======================= End Of Log ==========================
  2. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.
  3. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    Thanks for your help, I really appreciate it!

    Here is the search.txt:

    Farbar Recovery Scan Tool Version: 30-06-2012 04
    Ran by SYSTEM at 2012-07-01 10:20:19
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
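The comparison that Search.txt makes possible, written out as an added example (not part of the original posts and not FRST's own code): each live copy of a file is checked against the copies of the same name in the WinSxS component store, using the two entries posted above as input. The function and field names are hypothetical, and a mismatch is a lead to investigate rather than a verdict, since a patched system can hold several store versions.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # Windows path handling on any platform

# The two entries from the Search.txt posted above, copied as-is.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
META_LINE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>.*?)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending_path = line
            continue
        m = META_LINE.match(line)
        if m and pending_path:
            entries.append(Entry(
                path=pending_path,
                created=m["created"],
                modified=m["modified"],
                size=int(m["size"]),
                company=m["company"] or "",
                md5=m["md5"].upper(),
            ))
            pending_path = None
    return entries


def is_store_copy(path):
    return "\\winsxs\\" in path.lower()


def compare_to_component_store(entries):
    """Report live files whose MD5 matches no WinSxS copy of the same name."""
    store = {}
    for e in entries:
        if is_store_copy(e.path):
            store.setdefault(basename(e.path).lower(), []).append(e)

    findings = []
    for e in entries:
        if is_store_copy(e.path):
            continue
        refs = store.get(basename(e.path).lower(), [])
        if not refs:
            continue  # no reference copy listed, so no conclusion either way
        if any(r.md5 == e.md5 for r in refs):
            continue  # identical to a store version
        closest = min(refs, key=lambda r: abs(r.size - e.size))
        findings.append({
            "path": e.path,
            "md5": e.md5,
            "reference_path": closest.path,
            "reference_md5": closest.md5,
            "size_delta": e.size - closest.size,
            # Equal timestamps with a different hash: dates prove nothing.
            "timestamps_match": (e.created, e.modified)
                                == (closest.created, closest.modified),
        })
    return findings


if __name__ == "__main__":
    for f in compare_to_component_store(parse_search(SEARCH_TXT)):
        print(f)
```

On the posted log this reports the System32 copy as 512 bytes larger than the store copy while both carry identical timestamps, so file dates alone say nothing about integrity.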
  4. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    Here is my fixlog.txt. I am in the process of doing the combofix.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 30-06-2012 04
    Ran by SYSTEM at 2012-07-01 10:42:51 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.26551EFC42F92159 moved successfully.
    C:\Windows\System32\Drivers\ztgdaepm.sys moved successfully.
    C:\Windows\System32\services.exe.6B2FCBDAC23F3B4E moved successfully.
    C:\Windows\System32\services.exe.D5700CA9E4736953 moved successfully.
    C:\Windows\System32\services.exe.F5F905C98B4F5313 moved successfully.
    C:\Windows\System32\services.exe.E7AA26374AABF56B moved successfully.
    C:\Windows\System32\services.exe.B4F9720926DF0A61 moved successfully.
    C:\Windows\System32\services.exe.9716C049E27862B6 moved successfully.
    C:\Windows\System32\services.exe.129217ABB62BD4E1 moved successfully.
    C:\Windows\Installer\{5bcd3c61-957e-6ba1-4eba-d62c31cda963} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  6. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    I ran combofix, here is the log. I turned my antivirus back on. How should I proceed?

    ComboFix 12-07-01.03 - Robert 07/01/2012 10:56:42.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6361 [GMT -7:00]
    Running from: c:\users\Robert\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
    c:\users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\{04618B53-C32F-4A12-BC30-EACC92053E4E}.xps
    c:\users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\{89BD2AA4-29E5-4551-9430-BC45FC7F39A3}.xps
    c:\users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\ab_718D.tmp
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-01 18:02 . 2012-07-01 18:02 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8DA017C-4347-4335-A237-96ADFDF307E2}\offreg.dll
    2012-07-01 07:47 . 2012-07-01 07:48 -------- d-----w- C:\FRST
    2012-07-01 06:13 . 2012-07-01 06:13 -------- d-----w- c:\users\Robert\AppData\Roaming\DriverCure
    2012-07-01 06:13 . 2012-07-01 06:13 -------- d-----w- c:\users\Robert\AppData\Roaming\SpeedyPC Software
    2012-07-01 06:12 . 2012-07-01 06:12 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-07-01 06:12 . 2012-07-01 06:12 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-07-01 06:12 . 2012-07-01 06:12 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-07-01 05:53 . 2012-07-01 05:52 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96F41191-F1BA-4093-8372-33DC76761853}\gapaengine.dll
    2012-07-01 05:52 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8DA017C-4347-4335-A237-96ADFDF307E2}\mpengine.dll
    2012-07-01 05:50 . 2012-07-01 05:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-01 05:50 . 2012-07-01 05:50 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-30 18:01 . 2012-06-30 18:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-06-23 22:44 . 2012-06-23 22:44 -------- d-----w- c:\program files (x86)\AMD APP
    2012-06-23 21:56 . 2009-08-21 08:52 79976 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2012-06-23 21:56 . 2009-08-14 05:40 1436920 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-06-23 21:52 . 2012-06-23 21:52 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
    2012-06-21 17:38 . 2012-06-24 02:15 -------- d-----w- c:\windows\rescache
    2012-06-21 16:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 16:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 16:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 16:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 16:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 16:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 16:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 16:47 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 16:47 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-13 14:41 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 14:53 . 2012-04-25 19:41 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 14:53 . 2011-11-10 02:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 14:53 . 2012-04-25 20:30 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-30 06:50 . 2012-04-30 06:50 525792 ----a-w- c:\windows\DIFxAPI.dll
    2012-04-30 03:11 . 2012-04-30 03:11 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
    2012-04-26 06:35 . 2012-04-26 06:35 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MusicManager"="c:\users\Robert\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
    "Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2011-12-03 226816]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-19 880496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "VirtualCloneDrive"="d:\programs\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "StartCCC"="d:\programs\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
    .
    c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-5-10 1131296]
    SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-12-29 1826600]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DelayedDesktopSwitchTimeout"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    2;2 UNS;Intel(R) Management and Security Application User Notification Service [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
    R2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\programs\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-25 98616]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-30 21712]
    R3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB_x64.sys [2010-12-21 19968]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-30 1431888]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
    R3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\drivers\HSPUSB.sys [2010-12-21 24064]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-12-21 127488]
    R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-12-21 128000]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-01-03 157160]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-01-03 145384]
    R3 ssaebus;SAMSUNG Android Composite Device driver (WDM);c:\windows\system32\drivers\ssaebus.sys [2010-12-21 136264]
    R3 ssaeunic;SAMSUNG Android Networking (CDC/EEM Ethernet) Drivers (WDM);c:\windows\system32\drivers\ssaeunic.sys [2010-12-21 178760]
    R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-12-21 127488]
    R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2010-12-21 129024]
    R3 ssuddmgr;SAMSUNG Mobile USB Device Management Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssuddmgr.sys [2011-02-18 202560]
    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2011-02-18 202560]
    R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2011-02-18 202560]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;c:\windows\system32\drivers\ViaUsbEts.sys [2008-05-29 21760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-10 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 PDMWorks Workgroup Server;SolidWorks Workgroup PDM Server;d:\programs\SolidWorks\Vault\pdmwService.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys [2011-09-23 80688]
    S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys [2011-09-23 23344]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-05 235520]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-09-23 79664]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SGDrv;SGDrv;c:\windows\system32\drivers\SGdrv64.sys [2011-04-11 7680]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
    S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-05 10720256]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-05 327168]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-06-02 128488]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-06-02 401896]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-12-26 200488]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-22 317440]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-10-20 12310112]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 19:39]
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 19:39]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000Core.job
    - c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 19:21]
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000UA.job
    - c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 19:21]
    .
    2012-07-01 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
    2012-03-27 04:32 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-20 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-20 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-20 416024]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://samsung.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-Blast Pack for Pocket Tanks Deluxe_is1 - c:\program files (x86)\Pocket Tanks Deluxe\unins001.exe
    AddRemove-Fire Pack BETA for Pocket Tanks Deluxe_is1 - d:\games\Pocket Tanks BETA\Pocket Tanks Deluxe\Pocket Tanks Deluxe\unins000.exe
    AddRemove-Ice Pack BETA 3 for Pocket Tanks Deluxe_is1 - d:\games\Pocket Tanks BETA\Pocket Tanks Deluxe\unins001.exe
    AddRemove-Ice Pack BETA for Pocket Tanks Deluxe_is1 - d:\games\Pocket Tanks BETA\unins001.exe
    AddRemove-LAME for Audacity_is1 - d:\programs\unins000.exe
    AddRemove-Party Pack for Pocket Tanks Deluxe_is1 - c:\program files (x86)\Pocket Tanks Deluxe\unins000.exe
    AddRemove-Space Pack BETA 3 for Pocket Tanks Deluxe_is1 - d:\games\Pocket Tanks BETA\Pocket Tanks Deluxe\unins002.exe
    AddRemove-Space Pack BETA for Pocket Tanks Deluxe_is1 - d:\games\Pocket Tanks BETA\unins002.exe
    AddRemove-Splashtop Software Updater - c:\program files (x86)\Splashtop\Splashtop Software Updater\uninst.exe
    AddRemove-{98BAFEF4-7A37-4E48-B66C-BA8D730EFFAF} - c:\program files (x86)\Pocket Tanks Deluxe\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1617886939-4081324411-3031297083-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:e1,05,a2,1d,78,d2,05,05,38,05,a6,02,bb,9b,50,28,25,0e,c6,e7,9b,b1,f5,
    ec,78,5e,e0,f1,b9,90,ff,7a,be,10,67,f9,df,9b,57,06,40,e6,72,fb,f8,06,20,c1,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    c:\program files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
    c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    c:\program files (x86)\Samsung\Easy Settings\dmhkcore.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
    c:\program files (x86)\Samsung\Easy Settings\SmartSetting.exe
    c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-01 11:05:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-01 18:05
    .
    Pre-Run: 8,490,561,536 bytes free
    Post-Run: 8,635,301,888 bytes free
    .
    - - End Of File - - 28053273E59E882EBAE71398A90084D8
  7. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Looks good :)

    Any current issues?

    ==========================================

    Uninstall SpeedyPC Software.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==================================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==============================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    Now, anything I open (folder or program it seems) I get the error:

    "Illegal operation attempted on a registry key that has been marked for deletion."

    Should I download your previously mentioned programs on another PC and move them to my current problematic one via flash drive?
  9. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    Should I reboot my computer?
  10. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    That's because you don't read my instructions carefully:
  11. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    Just making sure! I removed SpeedyPC, here is my log for MBAM. I will reboot and get the other logs now.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.01.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Robert :: BERT [administrator]

    7/1/2012 11:27:08 AM
    mbam-log-2012-07-01 (11-27-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223215
    Time elapsed: 3 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  12. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    OTL.txt:

    OTL logfile created on: 7/1/2012 11:37:19 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Robert\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.92 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.20% Memory free
    15.83 Gb Paging File | 13.37 Gb Available in Paging File | 84.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 50.00 Gb Total Space | 8.09 Gb Free Space | 16.18% Space Free | Partition Type: NTFS
    Drive D: | 625.94 Gb Total Space | 465.41 Gb Free Space | 74.35% Space Free | Partition Type: NTFS

    Computer Name: BERT | User Name: Robert | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/01 11:36:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
    PRC - [2012/06/01 16:17:16 | 013,806,592 | ---- | M] (Google Inc.) -- C:\Users\Robert\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/19 14:08:03 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2011/12/14 04:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2011/12/14 04:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    PRC - [2011/12/14 04:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    PRC - [2011/12/06 18:12:38 | 002,798,160 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
    PRC - [2011/12/02 23:32:44 | 000,226,816 | ---- | M] (Unified Remote) -- C:\Program Files (x86)\Unified Remote\RemoteServer.exe
    PRC - [2011/10/11 17:55:06 | 001,086,544 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/06 01:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
    PRC - [2011/08/18 21:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    PRC - [2011/08/18 21:36:30 | 001,642,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
    PRC - [2011/08/17 00:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/06/24 01:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/10 15:12:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2011/03/07 06:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- D:\Programs\VirtualCloneDrive\VCDDaemon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/28 03:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
    MOD - [2012/06/28 03:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    MOD - [2012/06/28 03:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
    MOD - [2012/06/28 03:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
    MOD - [2012/06/28 03:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
    MOD - [2012/06/28 03:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
    MOD - [2012/06/28 03:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
    MOD - [2012/06/28 01:27:26 | 009,252,040 | ---- | M] () -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    MOD - [2012/06/14 09:33:08 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 09:33:00 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
    MOD - [2012/06/01 16:06:02 | 000,344,064 | ---- | M] () -- C:\Users\Robert\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    MOD - [2012/06/01 16:05:48 | 000,346,624 | ---- | M] () -- C:\Users\Robert\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    MOD - [2012/06/01 16:04:48 | 000,198,656 | ---- | M] () -- C:\Users\Robert\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    MOD - [2012/06/01 16:04:46 | 000,364,032 | ---- | M] () -- C:\Users\Robert\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    MOD - [2012/05/11 07:57:17 | 018,058,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
    MOD - [2012/05/11 07:56:00 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/11 07:50:08 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
    MOD - [2012/05/11 07:50:04 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/05/11 07:50:01 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/05/11 07:49:59 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
    MOD - [2012/05/11 07:49:58 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/05/11 07:49:54 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/16 09:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
    MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2006/08/11 20:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/12/30 11:22:14 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2011/12/05 06:11:58 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/09/22 23:20:42 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)
    SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2011/05/10 15:12:52 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/09/22 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/12/29 16:42:05 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2011/12/29 16:42:04 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/12/14 04:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011/12/09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/05 05:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011/05/05 05:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2011/03/01 05:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/24 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/05 09:07:08 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- D:\Programs\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV - [2010/03/17 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/26 14:41:05 | 000,200,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/12/05 06:45:42 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/12/05 05:12:16 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
    DRV:64bit: - [2011/11/25 01:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011/11/24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    DRV:64bit: - [2011/10/20 15:30:02 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2011/10/20 15:30:02 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/22 23:20:50 | 000,080,688 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\excsd.sys -- (excsd)
    DRV:64bit: - [2011/09/22 23:20:50 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\excfs.sys -- (excfs)
    DRV:64bit: - [2011/08/22 11:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2011/08/17 00:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2011/07/04 20:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/06/01 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/06/01 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/05/16 23:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/04/11 03:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/17 21:47:42 | 000,202,560 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
    DRV:64bit: - [2011/02/17 21:47:42 | 000,202,560 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex) SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.)
    DRV:64bit: - [2011/02/17 21:47:42 | 000,202,560 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssuddmgr.sys -- (ssuddmgr) SAMSUNG Mobile USB Device Management Serial Port(DEVGURU Ver.)
    DRV:64bit: - [2011/02/17 16:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/02/15 16:35:54 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2011/01/24 17:29:46 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2011/01/10 16:15:08 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
    DRV:64bit: - [2011/01/03 01:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/01/03 01:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,178,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssaeunic.sys -- (ssaeunic) SAMSUNG Android Networking (CDC/EEM Ethernet) Drivers (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,172,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssm_mdm.sys -- (ssm_mdm)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssaebus.sys -- (ssaebus) SAMSUNG Android Composite Device driver (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,136,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,024,064 | ---- | M] (MobileTop) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPUSB.sys -- (shspusb)
    DRV:64bit: - [2010/12/20 22:55:02 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB)
    DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/14 15:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/09/14 15:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/27 23:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/05/29 04:25:32 | 000,021,760 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaUsbEts.sys -- (ViaUsbEtsDriver)
    DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2012/04/29 20:11:00 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/10 09:33:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/01/08 01:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
    [2011/12/25 15:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\extensions
    [2011/12/25 15:13:24 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2012/06/29 00:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\extensions
    [2012/06/29 00:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\extensions\staged
    [2012/05/14 23:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/14 23:15:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/02/15 18:04:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2011/12/21 00:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: Better Music for Google Play Music = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdollfdihekkbcgmbpjddfdaeigacmia\1.5.8_0\
    CHR - Extension: YouTube = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: TimelineRemove = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.5_0\
    CHR - Extension: Privacy SafeGuard = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
    CHR - Extension: AdBlock = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
    CHR - Extension: Google Play Music = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
    CHR - Extension: Gmail = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
  13. CheeseJam


    Continued:


    O1 HOSTS File: ([2012/07/01 11:02:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [StartCCC] D:\Programs\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [VirtualCloneDrive] D:\Programs\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000..\Run: [MusicManager] C:\Users\Robert\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O4 - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Remote)
    O4 - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1617886939-4081324411-3031297083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22ACD203-BE0F-4818-8DD3-7E5DCB557A02}: DhcpNameServer = 127.0.0.1 192.168.1.3
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CFAEB85-693D-40AC-9D42-95829805B5D2}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.ffds - ff_vfw.dll ()
    Drivers32:64bit: vidc.lags - lagarith.dll ( )
    Drivers32: msacm.ac3filter - C:\windows\SysWow64\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\windows\SysWow64\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\windows\SysWow64\ff_vfw.dll ()
    Drivers32: vidc.lags - C:\windows\SysWow64\Lagarith.dll ( )
    Drivers32: vidc.xvid - C:\windows\SysWow64\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/01 11:36:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
    [2012/07/01 11:26:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
    [2012/07/01 11:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/01 11:26:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/07/01 11:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/01 11:12:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/01 11:05:40 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/07/01 10:55:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/07/01 10:55:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/07/01 10:55:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/07/01 10:54:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/01 10:53:50 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/07/01 10:46:43 | 004,568,829 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
    [2012/07/01 00:47:50 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/30 23:13:36 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\DriverCure
    [2012/06/30 23:13:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\SpeedyPC Software
    [2012/06/30 23:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/06/30 22:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/30 22:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/30 11:01:26 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
    [2012/06/23 15:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012/06/23 14:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
    [2012/06/23 14:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
    [2012/06/21 10:38:23 | 000,000,000 | ---D | C] -- C:\windows\rescache

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 11:44:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/01 11:42:41 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 11:42:41 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 11:39:14 | 000,783,224 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/07/01 11:39:14 | 000,662,898 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/07/01 11:39:14 | 000,122,436 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/07/01 11:36:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
    [2012/07/01 11:35:17 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/01 11:34:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/07/01 11:34:52 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/01 11:26:26 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 11:02:41 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/07/01 10:52:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000UA.job
    [2012/07/01 10:46:35 | 004,568,829 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
    [2012/06/30 22:50:49 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/06/30 22:50:38 | 000,797,374 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/06/30 13:54:21 | 000,002,375 | ---- | M] () -- C:\Users\Robert\Desktop\Google Chrome.lnk
    [2012/06/30 08:52:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000Core.job
    [2012/06/23 15:00:56 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
    [2012/06/14 09:50:52 | 004,996,032 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/07/01 11:26:26 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/01 10:55:44 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/07/01 10:55:44 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/07/01 10:55:44 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/07/01 10:55:44 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/07/01 10:55:44 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/06/30 22:50:40 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/23 15:00:56 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
    [2012/05/29 20:42:33 | 000,007,605 | ---- | C] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
    [2012/05/02 16:31:28 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
    [2012/04/01 11:23:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2012/03/13 11:06:30 | 004,417,024 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
    [2012/03/10 06:55:16 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\libbluray.dll
    [2012/03/10 06:55:10 | 006,454,984 | ---- | C] () -- C:\windows\SysWow64\avcodec-lav-54.dll
    [2012/03/10 06:55:10 | 001,146,161 | ---- | C] () -- C:\windows\SysWow64\avformat-lav-54.dll
    [2012/03/10 06:55:10 | 000,371,592 | ---- | C] () -- C:\windows\SysWow64\swscale-lav-2.dll
    [2012/03/10 06:55:10 | 000,206,473 | ---- | C] () -- C:\windows\SysWow64\avutil-lav-51.dll
    [2012/03/10 06:55:10 | 000,142,473 | ---- | C] () -- C:\windows\SysWow64\avfilter-lav-2.dll
    [2012/03/08 02:21:03 | 000,217,536 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2012/03/08 02:20:59 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/03/08 02:20:53 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
    [2012/03/08 02:20:53 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
    [2012/03/08 02:20:53 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
    [2012/03/08 02:20:46 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
    [2012/02/26 09:47:02 | 000,079,360 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
    [2012/02/26 09:46:18 | 000,260,608 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
    [2012/02/26 09:46:00 | 000,158,720 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
    [2012/02/26 09:46:00 | 000,099,840 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
    [2012/02/26 09:45:58 | 001,525,248 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
    [2012/02/26 09:45:58 | 000,146,944 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
    [2012/02/26 09:45:56 | 000,212,480 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
    [2012/02/26 09:45:56 | 000,115,200 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
    [2012/02/26 09:45:54 | 000,328,704 | ---- | C] () -- C:\windows\SysWow64\ff_libfaad2.dll
    [2012/02/26 09:45:54 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\libmpeg2_ff.dll
    [2012/02/22 17:27:13 | 000,000,132 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/30 11:28:15 | 000,000,000 | ---- | C] () -- C:\windows\eDrawingOfficeAutomator.INI
    [2011/12/07 12:32:24 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
    [2011/11/09 14:59:27 | 000,797,374 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/10/16 23:34:17 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
    [2011/10/16 23:11:29 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2011/10/16 22:39:59 | 000,004,590 | ---- | C] () -- C:\windows\HotFixList.ini
    [2011/10/16 22:27:15 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
    [2011/09/08 07:00:52 | 000,150,528 | ---- | C] () -- C:\windows\SysWow64\mkx.dll
    [2011/09/08 07:00:48 | 000,142,336 | ---- | C] () -- C:\windows\SysWow64\mp4.dll
    [2011/09/08 07:00:42 | 000,123,392 | ---- | C] () -- C:\windows\SysWow64\ogm.dll
    [2011/09/08 07:00:38 | 000,249,856 | ---- | C] () -- C:\windows\SysWow64\dxr.dll
    [2011/09/08 07:00:34 | 000,113,152 | ---- | C] () -- C:\windows\SysWow64\dsmux.exe
    [2011/09/08 07:00:24 | 000,154,624 | ---- | C] () -- C:\windows\SysWow64\ts.dll
    [2011/09/08 07:00:10 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\mkv2vfr.exe
    [2011/09/08 07:00:06 | 000,358,400 | ---- | C] () -- C:\windows\SysWow64\gdsmux.exe
    [2011/09/08 06:59:54 | 000,080,384 | ---- | C] () -- C:\windows\SysWow64\mkzlib.dll
    [2011/09/08 06:59:52 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\mkunicode.dll
    [2011/05/30 06:42:50 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
    [2011/05/23 00:46:30 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
    [2011/05/20 02:16:50 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
    [2011/05/20 02:16:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
    [2011/05/20 02:16:50 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
    [2011/05/20 02:16:50 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
    [2011/04/04 16:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
    [2011/04/04 16:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/03/03 04:39:56 | 000,109,568 | ---- | C] () -- C:\windows\SysWow64\avi.dll
    [2011/03/03 04:38:10 | 000,097,792 | ---- | C] () -- C:\windows\SysWow64\avs.dll
    [2011/03/03 04:37:50 | 000,093,184 | ---- | C] () -- C:\windows\SysWow64\avss.dll
    [2010/08/18 12:56:38 | 000,000,151 | ---- | C] () -- C:\windows\SysWow64\Registration.ini

    ========== LOP Check ==========

    [2012/04/14 10:11:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.minecraft
    [2012/05/02 16:38:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\AnvSoft
    [2011/12/30 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Audacity
    [2012/06/23 15:05:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bioshock
    [2011/12/29 16:45:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DassaultSystemes
    [2012/06/30 23:13:36 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DriverCure
    [2012/07/01 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Dropbox
    [2012/05/02 16:31:44 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Leawo
    [2012/03/15 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SoftGrid Client
    [2012/06/30 23:13:35 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SpeedyPC Software
    [2012/04/11 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Spotify
    [2011/12/26 21:25:32 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SystemRequirementsLab
    [2012/05/02 16:33:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\tiger-k
    [2011/12/25 15:25:27 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TP
    [2012/01/02 00:52:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Unified Remote
    [2012/07/01 11:40:26 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\uTorrent
    [2012/01/27 11:52:23 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Windows Live Writer
    [2011/12/29 17:06:46 | 000,030,556 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/07/01 11:05:39 | 000,030,337 | ---- | M] () -- C:\ComboFix.txt
    [2012/07/01 11:34:52 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/29 23:50:40 | 000,002,338 | ---- | M] () -- C:\RHDSetup.log
    [2012/04/29 23:50:40 | 000,000,206 | ---- | M] () -- C:\setup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >
    [2010/08/06 00:09:44 | 000,016,018 | ---- | M] () -- C:\windows\Samsung.png

    < %systemroot%\*.scr >
    [2011/08/02 01:13:00 | 023,161,463 | ---- | M] () -- C:\windows\Screensaver_Racing.scr
    [2011/09/20 17:10:00 | 072,670,022 | ---- | M] () -- C:\windows\Series7_CHRONOS_ENG.scr
    [2011/05/12 23:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/12/25 12:18:06 | 000,000,221 | -HS- | M] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/07/01 10:46:35 | 004,568,829 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
    [2012/07/01 11:36:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/07/01 11:35:17 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/01 11:44:05 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/30 08:52:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000Core.job
    [2012/07/01 10:52:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000UA.job
    [2012/07/01 11:34:59 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2011/12/29 17:06:46 | 000,030,556 | ---- | M] () -- C:\windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/17 09:38:53 | 000,000,402 | -HS- | M] () -- C:\Users\Robert\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/16 22:39:55 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2011/10/16 22:32:18 | 000,000,113 | ---- | M] () -- C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
    [2011/10/16 22:37:42 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2011/10/16 22:37:04 | 000,000,106 | ---- | M] () -- C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    [2011/10/16 22:39:08 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
  14. CheeseJam


    Extras.txt:

    OTL Extras logfile created on: 7/1/2012 11:37:19 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Robert\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.92 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.20% Memory free
    15.83 Gb Paging File | 13.37 Gb Available in Paging File | 84.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 50.00 Gb Total Space | 8.09 Gb Free Space | 16.18% Space Free | Partition Type: NTFS
    Drive D: | 625.94 Gb Total Space | 465.41 Gb Free Space | 74.35% Space Free | Partition Type: NTFS

    Computer Name: BERT | User Name: Robert | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- D:\Torrents\CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- D:\Torrents\CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{5FA3134E-6160-41D9-B7D7-B2B3456A26C5}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{B04CC2FA-D704-4594-9B4D-B8A6D8517E3C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{FD71CD01-7B38-481D-AA8C-D524315A7B62}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "UDP Query User{511FCB6C-5555-4D7A-A173-B4CEF921D037}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{63A03D36-0780-4FDB-982B-1B2105EAED7B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{7331C2EB-957E-4E1C-8258-0F419CEFC886}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
    "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
    "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
    "{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP0
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5ECFC170-8934-4D31-8374-0837288D6AE3}" = SolidWorks eDrawings 2011 x64 Edition SP0
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
    "{81C515C3-11D3-E041-5D2B-E0C20F119A08}" = ccc-utility64
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}" = ExpressCache
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "Elantech" = ETDWare PS/2-X64 10.7.5.0_SimpleUI
    "MatlabR2011a" = MATLAB R2011a
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "Zune" = Zune
  15. CheeseJam

    Continued:


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{06C7A42F-29A2-70D0-DAD6-9090D14A23AE}" = CCC Help Japanese
    "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
    "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0FA45B8E-E679-E971-E828-A6094A2F3CAA}" = CCC Help German
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{13A0EE0F-DBE7-EA93-29CA-DE8897CB729A}" = CCC Help Portuguese
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{193906A4-2BCC-370C-0A4A-FD48B8C042FB}" = CCC Help Turkish
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1B8E891E-AC03-85AF-FD5C-A511DB0E6ECA}" = CCC Help Russian
    "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
    "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
    "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1DE807DD-BB57-47DE-B942-F032615BC462}" = Catalyst Control Center - Branding
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21FD381A-08CD-1C8E-BE43-F48F7401297A}" = CCC Help Swedish
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{22B88E86-9C20-F701-E544-9802C22A08DA}" = CCC Help Dutch
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
    "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
    "{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
    "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
    "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
    "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
    "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
    "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
    "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
    "{4F8D27D7-EE97-DEF5-BD87-D0DDFDA5E79A}" = CCC Help Greek
    "{4FC0AB6B-CC85-4656-6374-C1ED4C9F4273}" = Catalyst Control Center Profiles Mobile
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
    "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{52B378B1-859F-C2F7-13D6-3731393BD77C}" = CCC Help Chinese Traditional
    "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
    "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
    "{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}" = Simple Adblock
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
    "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{6F660928-4EB0-4821-A624-87B6840C0F9D}" = CCC Help French
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{75F509C3-5F01-48C1-ACB9-B9B38A952E6C}" = Unified Remote
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
    "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
    "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
    "{794B48F5-AA4D-0AE3-EF48-3A6EA3F8555A}" = Catalyst Control Center
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A294EBD-E427-06EC-71AD-CA74005EF0A9}" = CCC Help Hungarian
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{90A4A506-22F4-91A0-7138-52D1FDD67457}" = PX Profile Update
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{98BAFEF4-7A37-4E48-B66C-BA8D730EFFAF}" = Pocket Tanks Deluxe v1.3 By Argogo
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A2A08DE2-2A16-3687-E8D7-0F0C99A4FD76}" = CCC Help Italian
    "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A50A4FBE-D45C-7344-D64C-81FC479939BE}" = CCC Help Spanish
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B631FA4A-41A7-ACBC-E13D-7482B3A5ABCD}" = Catalyst Control Center Localization All
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
    "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
    "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C5CFC899-3A50-0062-3104-C97561FA570E}" = CCC Help English
    "{C6360625-2310-227B-5062-63853DA8592A}" = CCC Help Finnish
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C773F93E-55EE-01DF-F600-961D4D220982}" = CCC Help Czech
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
    "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
    "{C9912275-67A2-4624-A212-83E53AF7ADC8}" = Minutor
    "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
    "{CB383BE9-7518-4ABD-826E-8FC4695F7D52}" = Interactive Guide
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB67486B-993C-78B4-AB75-70C67866E95A}" = CCC Help Thai
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
    "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
    "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}" = SolidWorks 2011 SP0
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
    "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1E7C6A2-5C4A-FFF0-7F5B-8AEEE7BB03CF}" = CCC Help Polish
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E7D9C79F-3789-B58D-A5B5-F584C0229A34}" = CCC Help Korean
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
    "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
    "{EB2DACFE-9E87-2C96-9D4B-92B317F8B1F2}" = CCC Help Chinese Standard
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EBCC17D4-AF91-2FAE-D333-08A787DBA40E}" = CCC Help Danish
    "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EE97F73F-A846-412B-9C40-D5F7E90B68F1}" = SolidWorks Workgroup PDM Server 2012 SP01 x64 Edition
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
    "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F63BD208-4F59-7F43-8DA9-EC919BA8836B}" = CCC Help Norwegian
    "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
    "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
    "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
    "Adobe AIR" = Adobe AIR
    "Alan Wake_is1" = Alan Wake
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
    "Blast Pack for Pocket Tanks Deluxe_is1" = Blast Pack for Pocket Tanks Deluxe
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Fire Pack BETA for Pocket Tanks Deluxe_is1" = Fire Pack BETA 3 for Pocket Tanks Deluxe
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
    "Ice Pack BETA 3 for Pocket Tanks Deluxe_is1" = Ice Pack BETA 3 for Pocket Tanks Deluxe
    "Ice Pack BETA for Pocket Tanks Deluxe_is1" = Ice Pack BETA for Pocket Tanks Deluxe
    "Ice Pack for Pocket Tanks Deluxe_is1" = Ice Pack for Pocket Tanks Deluxe
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Basic)
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Media Player - Codec Pack" = Media Player Codec Pack 4.1.9
    "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Party Pack for Pocket Tanks Deluxe_is1" = Party Pack for Pocket Tanks Deluxe
    "Pocket Tanks Deluxe_is1" = Pocket Tanks Deluxe v1.6 BETA 3
    "Red Chain Portal_is1" = Red Chain Portal
    "SolidWorks Installation Manager 20110-40000-1100-100" = SolidWorks 2011 x64 Edition SP0
    "Space Pack BETA 3 for Pocket Tanks Deluxe_is1" = Space Pack BETA 3 for Pocket Tanks Deluxe
    "Space Pack BETA for Pocket Tanks Deluxe_is1" = Space Pack BETA for Pocket Tanks Deluxe
    "TeamViewer 7" = TeamViewer 7
    "The Walking Dead (c) 3_is1" = The Walking Dead (c) 3 version 1
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live 程式集

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1617886939-4081324411-3031297083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "MusicManager" = Music Manager
    "Spotify" = Spotify
    "UCSB CS56 S12 ChoicePoints 2 Ramon Rovirosa and Shervin Shaikh CalcGui" = UCSB CS56 S12 ChoicePoints 2 Ramon Rovirosa and Shervin Shaikh CalcGui

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/10/2012 12:00:28 PM | Computer Name = Bert | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32796246

    Error - 5/10/2012 12:00:28 PM | Computer Name = Bert | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32796246

    Error - 5/10/2012 12:00:29 PM | Computer Name = Bert | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/10/2012 12:00:29 PM | Computer Name = Bert | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32797323

    Error - 5/10/2012 12:00:29 PM | Computer Name = Bert | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32797323

    Error - 5/10/2012 12:02:44 PM | Computer Name = Bert | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(70:73:cb:7e:95:cc@fe80::7273:cbff:fe7e:95cc._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 5/10/2012 2:48:11 PM | Computer Name = Bert | Source = Application Error | ID = 1000
    Description = Faulting application name: pockettanks.exe, version: 1.3.0.4, time
    stamp: 0x46fbc00f Faulting module name: pockettanks.exe, version: 1.3.0.4, time
    stamp: 0x46fbc00f Exception code: 0xc0000005 Fault offset: 0x0008809e Faulting process
    id: 0xd78 Faulting application start time: 0x01cd2edd28eabbbd Faulting application
    path: D:\Programs\Pocket Tanks\pockettanks.exe Faulting module path: D:\Programs\Pocket
    Tanks\pockettanks.exe Report Id: b0793ae8-9ad0-11e1-91fb-e0ca947579c4

    Error - 5/10/2012 2:49:39 PM | Computer Name = Bert | Source = Application Error | ID = 1000
    Description = Faulting application name: pockettanks.exe, version: 1.3.0.4, time
    stamp: 0x46fbc00f Faulting module name: pockettanks.exe, version: 1.3.0.4, time
    stamp: 0x46fbc00f Exception code: 0xc0000005 Fault offset: 0x0008809e Faulting process
    id: 0x21e8 Faulting application start time: 0x01cd2edd7e435d58 Faulting application
    path: D:\Programs\Pocket Tanks\pockettanks.exe Faulting module path: D:\Programs\Pocket
    Tanks\pockettanks.exe Report Id: e5203df5-9ad0-11e1-91fb-e0ca947579c4

    Error - 5/10/2012 6:13:52 PM | Computer Name = Bert | Source = WinMgmt | ID = 10
    Description =

    Error - 5/10/2012 6:16:31 PM | Computer Name = Bert | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 7/1/2012 1:45:05 PM | Computer Name = Bert | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/1/2012 1:59:00 PM | Computer Name = Bert | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/1/2012 2:00:41 PM | Computer Name = Bert | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/1/2012 2:01:26 PM | Computer Name = Bert | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/1/2012 2:01:30 PM | Computer Name = Bert | Source = DCOM | ID = 10010
    Description =

    Error - 7/1/2012 2:02:12 PM | Computer Name = Bert | Source = Service Control Manager | ID = 7000
    Description = The Splashtop® Remote Service service failed to start due to the following
    error: %%2

    Error - 7/1/2012 2:02:14 PM | Computer Name = Bert | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/1/2012 2:22:36 PM | Computer Name = Bert | Source = Service Control Manager | ID = 7000
    Description = The Splashtop® Remote Service service failed to start due to the following
    error: %%2

    Error - 7/1/2012 2:34:22 PM | Computer Name = Bert | Source = DCOM | ID = 10010
    Description =

    Error - 7/1/2012 2:35:00 PM | Computer Name = Bert | Source = Service Control Manager | ID = 7000
    Description = The Splashtop® Remote Service service failed to start due to the following
    error: %%2


    < End of report >
  16. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    That is all the logs, how should I proceed? Things appear normal.
  17. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    OTL logs are clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  18. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    Security Check text:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Java(TM) 6 Update 31
    Adobe Reader X (10.1.1)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
    FSS.txt:
    Farbar Service Scanner Version: 01-07-2012
    Ran by Robert (administrator) on 01-07-2012 at 14:01:46
    Running from "D:\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe
    [2011-10-16 23:08] - [2011-03-01 01:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****

    I will do steps 3 and 4 momentarily.
     
  19. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    I completed step 3 and here is the log for 4:

    C:\FRST\Quarantine\services.exe    Win64/Patched.A.Gen trojan    deleted - quarantined
    C:\FRST\Quarantine\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\U\00000008.@    Win64/Agent.BA trojan    cleaned by deleting - quarantined
    C:\FRST\Quarantine\{5bcd3c61-957e-6ba1-4eba-d62c31cda963}\U\80000000.@    Win64/Sirefef.AE trojan    cleaned by deleting - quarantined
    D:\Downloads\cnet2_Pazera_Free_MKV_to_AVI_Converter_zip.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
    D:\Downloads\cnet2_Pazera_Free_MP4_to_AVI_Converter_exe.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
    D:\Downloads\media.player.codec.pack.v4.1.9.setup.exe    probably a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
    D:\Downloads\The_Sims_3.exe    multiple threats    cleaned by deleting - quarantined
    D:\Torrents\Telltale Games\The Walking Dead\The Walking Dead.iso    a variant of Win32/Kryptik.AHQW trojan    deleted - quarantined
  20. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  21. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    Thank you for all your help, you are a life saver! Here is my log for OTL:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ADMINI~1
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Robert
    ->Temp folder emptied: 455789 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8555692 bytes
    ->Flash cache emptied: 379 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 9.00 mb


    [EMPTYFLASH]

    User: ADMINI~1

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Robert
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: ADMINI~1

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Robert
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07012012_161251

    Files\Folders moved on Reboot...
    C:\Users\Robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...

    A few questions: Are there any side effects to what happened to my computer? Is there any way to tell if I lost any files, and if so, what I lost?
  22. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Yes!!
    Good luck and stay safe :)
  23. CheeseJam

    CheeseJam Newcomer, in training Topic Starter Posts: 31

    Thanks again! :)

    A few questions: Are there any side effects to what happened to my computer from this seemingly common virus? Is there any way to tell if I lost any files, and if so, what I lost? I noticed missing icons on my desktop when I first noticed the virus, so I thought I may have lost some files, but don't know for sure.
  24. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Most likely not but you're the only one who can find out.