NEED HELP! Combofix has errors when installing


  • This topic is locked
13 replies to this topic

#1 Southern Belle

Southern Belle

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Location:USA
  • Local time:06:08 AM

Posted 25 February 2012 - 12:41 AM

heyal,

i caught a trojan on my pc and when i tried to use combofix [had to get new version] and install it it came up with errors about writing and would never finish

what can be the problem? how do i fix it?

need all the help i can get

thank you,
southern belle



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:03:08 PM

Posted 29 February 2012 - 03:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti


Posted 04 March 2012 - 03:26 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



#4 Southern Belle


Posted 08 March 2012 - 04:23 PM

heyal,

sorry i had to make a new thread because i hadn't replied to other one soon enough, my apologies!

i've been infected and have done the following:

malware bytes showed 0 infected
ccleaner clean registry
eset scanner currently still scanning after 13 hours and have found 8 so far.

i'm not sure what else to do to get rid of them, the only symptom i'm having is that i have slow internet browsing and system is a little slow "not responding" comes up a lot on both.

please let me know if yal can help i'll be sure to check my email! :whistle: :wacko:

thank you,
southern belle

Edited by Andrew, 08 March 2012 - 04:27 PM.
Mod Edit: Merged Repost


#5 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:06:08 AM

Posted 08 March 2012 - 04:25 PM

Reopened by OP request.

#6 myrti


Posted 08 March 2012 - 04:34 PM

Hi southern belle

please see my reply to your initial post and post the logs that I requested in it.

regards myrti



#7 Southern Belle


Posted 08 March 2012 - 04:58 PM

hi,

i'm scanning now and will post this later tonight have appt's today thanks so much i appreciate all your help!

thank you,
southern belle

#8 Southern Belle


Posted 08 March 2012 - 06:08 PM

hi,

this is the EXTRAS.txt:

"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Presenter 7" = Adobe Presenter 7
"Aleks 3.15" = Aleks 3.15
"am-texttwist2" = TextTwist 2
"Application_X_1.0" = JFrameBuilder 3.3.0
"Ares" = Ares 2.0.9
"Bejeweled 2" = Bejeweled 2
"Bejeweled 3" = Bejeweled 3
"Black Hawk Down" = Black Hawk Down
"Canon MX880 series User Registration" = Canon MX880 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 7.15.7.8
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Download Manager" = Download Manager 2.3.10
"EASEUS Data Recovery Wizard Professional 5.0.1_is1" = EASEUS Data Recovery Wizard Professional 5.0.1
"EASEUS Partition Master Server Edition_is1" = EASEUS Partition Master 5.8.1 Server Edition
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Eye Candy 4000" = Eye Candy 4000
"FF389026-F961-42C5-BACD-B4A3AA73E0F3" = Riverpoint Writer
"ffdshow" = ffdshow (remove only)
"Fiddler2" = Fiddler2
"FlashGet 3.3" = FlashGet 3.3
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.3.0402
"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
"GameSpy Arcade" = GameSpy Arcade
"Hoyle Casino 2010" = Hoyle Casino 2010 (remove only)
"Hoyle Slots 2010" = Hoyle Slots 2010 (remove only)
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"Internet Download Manager" = Internet Download Manager
"jGRASP" = jGRASP
"Logitech Vid" = Logitech Vid HD
"LoqTTS-Dave_is1" = Loquendo TTS: Dave (American English)
"LoqTTS-Kenneth_is1" = Loquendo TTS: Kenneth (American English)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Magic Photo Editor_is1" = Magic Photo Editor 3.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MegaStat Excel 2007" = MegaStat Excel 2007
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Notepad++" = Notepad++
"NoteTab Pro 6_is1" = NoteTab Pro 6 (Remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PlexUtil" = PlexUtilities 1.1.8.0
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.378
"Speed Dial Utility" = Canon Speed Dial Utility
"ST6UNST #1" = Java GUI Builder
"SureThing CD Labeler Deluxe_is1" = SureThing CD Labeler Deluxe 5.2.632.0
"SureThing CD Labeler LightScribe_is1" = SureThing CD Labeler LightScribe 5.0.581.0
"TeamViewer 7" = TeamViewer 7
"TextAloud MP3_is1" = TextAloud
"TopStyle4_is1" = TopStyle 4
"TurboTax 2010" = TurboTax 2010
"USBKVM Switcher_is1" = USBKVM Switcher 1.30
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"webmmf" = WebM Media Foundation Components
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WinZip" = WinZip
"WordWeb" = WordWeb Pro
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"Xilisoft ISO Burner" = Xilisoft ISO Burner
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2012 4:43:43 PM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "E:\Graphics\Adobe\Acrobat
9\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A
component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 3/7/2012 5:07:29 AM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Southern Belle\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 3/7/2012 5:45:36 AM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 3/7/2012 5:50:09 AM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 3/7/2012 10:38:08 PM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "E:\Graphics\Adobe\Acrobat
9\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A
component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 3/7/2012 10:38:08 PM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "E:\Graphics\Adobe\Acrobat
9\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A
component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 3/8/2012 1:05:46 AM | Computer Name = SouthernBelleAM2 | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 3/8/2012 1:12:08 AM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "E:\Graphics\Adobe\Acrobat
9\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A
component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 3/8/2012 1:12:08 AM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "E:\Graphics\Adobe\Acrobat
9\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A
component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 3/8/2012 1:13:13 AM | Computer Name = SouthernBelleAM2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Southern Belle\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

[ System Events ]
Error - 3/2/2012 2:45:11 PM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Serial Driver service failed to start due to the following
error: %%2

Error - 3/2/2012 2:45:11 PM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 3/2/2012 2:45:21 PM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 3/2/2012 3:13:59 PM | Computer Name = SouthernBelleAM2 | Source = bowser | ID = 8003
Description =

Error - 3/3/2012 5:08:57 AM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Serial Driver service failed to start due to the following
error: %%2

Error - 3/3/2012 5:08:57 AM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 3/3/2012 5:09:06 AM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 3/8/2012 1:04:51 AM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Serial Driver service failed to start due to the following
error: %%2

Error - 3/8/2012 1:04:52 AM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 3/8/2012 1:05:01 AM | Computer Name = SouthernBelleAM2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter


< End of report >


this is the OTL.txt:

OTL logfile created on: 3/8/2012 1:56:29 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = D:\Received Files\Anti-Virus Tools and Related\Bleeping Computer
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 47.44% Memory free
6.49 Gb Paging File | 3.72 Gb Available in Paging File | 57.37% Paging File free
Paging file location(s): c:\pagefile.sys 500 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 236.00 Gb Total Space | 142.94 Gb Free Space | 60.57% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 969.92 Gb Free Space | 52.07% Space Free | Partition Type: NTFS
Drive E: | 217.07 Gb Total Space | 122.50 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive G: | 248.69 Gb Total Space | 143.34 Gb Free Space | 57.64% Space Free | Partition Type: NTFS
Drive J: | 229.65 Gb Total Space | 229.19 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 111.79 Gb Total Space | 24.17 Gb Free Space | 21.62% Space Free | Partition Type: NTFS
Drive L: | 55.89 Gb Total Space | 6.00 Gb Free Space | 10.73% Space Free | Partition Type: NTFS

Computer Name: SOUTHERNBELLEAM | User Name: Southern Belle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/08 13:55:24 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Received Files\Anti-Virus Tools and Related\Bleeping Computer\OTL.exe
PRC - [2012/02/22 22:04:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/19 03:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/29 12:15:01 | 003,462,552 | ---- | M] (Tonec Inc.) -- E:\OnLine Progz\Internet Download Manager\IDMan.exe
PRC - [2011/09/30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011/07/14 04:21:10 | 000,108,032 | ---- | M] () -- E:\Audio Progz\VLC\vlc.exe
PRC - [2011/04/07 20:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010/05/25 06:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- E:\OnLine Progz\Internet Download Manager\IEMonitor.exe
PRC - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/10/30 11:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- E:\Utilities\StuffIt\ArcNameService.exe
PRC - [2008/09/10 12:17:40 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2008/09/08 10:03:58 | 000,113,136 | ---- | M] () -- C:\CDDVDRW Progz\Roxio\CinePlayer\DMXLauncher.exe
PRC - [2006/01/12 08:39:28 | 000,585,728 | ---- | M] (UNICLASS) -- C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/06 03:49:48 | 000,429,040 | ---- | M] () -- C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll
MOD - [2012/03/06 03:49:46 | 003,772,912 | ---- | M] () -- C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
MOD - [2012/03/06 03:48:22 | 000,122,880 | ---- | M] () -- C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\avutil-51.dll
MOD - [2012/03/06 03:48:20 | 000,220,672 | ---- | M] () -- C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\avformat-53.dll
MOD - [2012/03/06 03:48:19 | 001,747,456 | ---- | M] () -- C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\avcodec-53.dll
MOD - [2012/03/06 00:25:19 | 008,593,056 | ---- | M] () -- C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
MOD - [2012/03/03 12:15:07 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/22 22:04:13 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2011/07/14 04:21:22 | 001,712,128 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libvorbis_plugin.dll
MOD - [2011/07/14 04:21:22 | 001,137,664 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libxml_plugin.dll
MOD - [2011/07/14 04:21:22 | 001,108,992 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libtaglib_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,368,640 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libtheora_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,325,120 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libswscale_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,078,848 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libzip_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,046,592 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libwaveout_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,040,448 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,038,912 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libvout_wrapper_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,036,864 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,031,232 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libyuvp_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,031,232 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2011/07/14 04:21:20 | 011,496,448 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libqt4_plugin.dll
MOD - [2011/07/14 04:21:20 | 002,169,856 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libskins2_plugin.dll
MOD - [2011/07/14 04:21:20 | 001,013,248 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,130,048 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libspeex_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,036,864 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libscaletempo_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,034,304 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,033,792 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,031,744 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libscale_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,031,232 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,237,568 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libpng_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,194,048 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libmp4_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,128,000 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,108,032 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libplaylist_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,038,912 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libmono_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,037,888 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011/07/14 04:21:16 | 001,776,128 | ---- | M] () -- E:\Audio Progz\VLC\plugins\liblibass_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,338,432 | ---- | M] () -- E:\Audio Progz\VLC\plugins\liblua_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,135,680 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,073,728 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,052,224 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,048,640 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,046,592 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,046,080 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,039,936 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,038,400 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,037,888 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,036,352 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,035,840 | ---- | M] () -- E:\Audio Progz\VLC\plugins\liblpcm_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,033,792 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,033,792 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,032,768 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libi422_i420_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,032,768 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,652,800 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libfreetype_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,309,760 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libfaad_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,265,216 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libflac_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,258,048 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,231,424 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,210,944 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdshow_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,178,176 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,067,072 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdirectx_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,061,440 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdirect3d_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,039,424 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,039,424 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdts_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,037,376 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libfake_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,032,256 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,032,256 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,031,744 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,031,232 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libdrawable_plugin.dll
MOD - [2011/07/14 04:21:12 | 008,248,320 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libavcodec_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,088,064 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libavi_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,057,856 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libblend_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,046,592 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,045,568 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libaraw_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,041,472 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libaudio_format_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,034,304 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libcdg_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,033,280 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libaes3_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,032,768 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2011/07/14 04:21:10 | 002,263,552 | ---- | M] () -- E:\Audio Progz\VLC\libvlccore.dll
MOD - [2011/07/14 04:21:10 | 000,108,032 | ---- | M] () -- E:\Audio Progz\VLC\vlc.exe
MOD - [2011/07/14 04:21:10 | 000,101,376 | ---- | M] () -- E:\Audio Progz\VLC\libvlc.dll
MOD - [2011/07/14 04:21:10 | 000,090,112 | ---- | M] () -- E:\Audio Progz\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011/07/14 04:21:10 | 000,065,536 | ---- | M] () -- E:\Audio Progz\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2011/07/14 04:21:10 | 000,036,352 | ---- | M] () -- E:\Audio Progz\VLC\plugins\liba52_plugin.dll
MOD - [2011/07/14 04:21:10 | 000,030,720 | ---- | M] () -- E:\Audio Progz\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2011/04/07 20:54:38 | 000,239,720 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/10/01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
MOD - [2010/10/01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
MOD - [2010/10/01 20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
MOD - [2010/06/16 11:48:34 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/06/16 11:48:32 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/06/16 11:48:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/10/30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\dblite.dll
MOD - [2008/09/08 10:03:58 | 000,113,136 | ---- | M] () -- C:\CDDVDRW Progz\Roxio\CinePlayer\DMXLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/01 22:56:06 | 002,430,288 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/19 03:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/11 04:46:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/18 10:14:47 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/04/07 20:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/10/30 11:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- E:\Utilities\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2009/10/16 18:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/09 08:07:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/09/09 08:07:14 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/19 01:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam C210(UVC)
DRV:64bit: - [2011/08/19 01:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/07/06 07:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/04/30 13:54:25 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/03/03 07:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/12 15:19:48 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/01/07 15:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/12/07 06:52:05 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/07 06:52:05 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/12/07 06:52:02 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/09/28 23:03:22 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/13 15:31:36 | 000,265,088 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVEOdcnt.sys -- (AVEO)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/03/23 01:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2010/03/10 11:29:28 | 000,052,144 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/02/23 10:51:14 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/02/23 10:51:14 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2009/12/14 11:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 11:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/11 11:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 11:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 11:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 11:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/09/08 17:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/16 07:43:08 | 003,479,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2008/09/09 10:16:52 | 000,173,040 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\C2SCSI64.SYS -- (c2scsi64)
DRV:64bit: - [2006/01/17 09:24:24 | 001,106,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/06/06 16:47:36 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010/02/23 10:51:14 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 10:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/09/09 09:12:54 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/05/27 14:35:20 | 000,171,520 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\aveodcnt.sys -- (AVEO)
DRV - [2006/11/01 14:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimfltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B6602D99-2D1F-47cc-9EC3-4A7AC41EC20C}: "URL" = http://www.oneriot.com/search?q={searchTerms}&ssrc=browserBox&p=OneRiotMySpaceToolbar/5.0.0.0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {1C1FB5BC-CB3D-4830-BEA3-9CD857A0EDCA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1C1FB5BC-CB3D-4830-BEA3-9CD857A0EDCA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GPCK_en
IE - HKCU\..\SearchScopes\{537550E0-3CD6-4779-90BB-4D604C7C1CF0}: "URL" = http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
IE - HKCU\..\SearchScopes\{5C9CCE65-4DAC-4E33-ADE8-C49E7277D3C3}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{9B862BB2-A20F-4496-8944-FA61D68FD5FE}: "URL" = http://www.microsoft.com/windows/compatibility/windows-7/Search.aspx?type=Software&s={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{B6602D99-2D1F-47cc-9EC3-4A7AC41EC20C}: "URL" = http://www.oneriot.com/search?q={searchTerms}&ssrc=browserBox&p=OneRiotMySpaceToolbar/5.0.0.0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.8.9
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.8
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.5
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Audio Progz\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: e:\Games\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: E:\Audio Progz\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: E:\Graphics\Adobe\Acrobat 9\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Southern Belle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Southern Belle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Southern Belle\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Southern Belle\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Southern Belle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: E:\Graphics\Adobe\Creative Suite 5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/06/01 14:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/06/10 21:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/22 22:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/29 23:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt [2011/04/30 13:54:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Southern Belle\AppData\Roaming\IDM\idmmzcc5 [2012/01/08 10:12:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Southern Belle\AppData\Roaming\IDM\idmmzcc5 [2012/01/08 10:12:05 | 000,000,000 | ---D | M]

[2011/07/26 11:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Extensions
[2012/03/02 13:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\99t30p6s.default\extensions
[2012/02/18 21:52:44 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\99t30p6s.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/09/22 16:44:41 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\99t30p6s.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2012/03/02 13:58:24 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\99t30p6s.default\extensions\mozilla_cc@internetdownloadmanager.com
[2011/10/26 16:22:33 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\99t30p6s.default\extensions\plugin@yontoo.com
[2011/10/26 16:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions
[2011/04/22 21:34:47 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/05/12 13:23:49 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/08/28 20:00:16 | 000,000,000 | ---D | M] (Harley Davidson) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}
[2010/08/28 19:40:14 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2010/08/28 19:55:00 | 000,000,000 | ---D | M] (zblack) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2010/11/30 20:56:17 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011/04/13 01:39:53 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/28 19:46:03 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
[2011/04/22 21:34:38 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/08/28 19:57:16 | 000,000,000 | ---D | M] (Curacao) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}
[2010/07/09 03:43:10 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010/08/28 19:51:05 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/08/28 19:51:16 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\cfxe@Triton
[2010/08/30 18:30:29 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\cfxHelper@Triton
[2011/04/22 21:34:38 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\DTToolbar@toolbarnet.com
[2010/11/30 20:56:23 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\extension@virtusdesigns.com
[2011/05/12 13:23:49 | 000,000,000 | ---D | M] (Send Mail in Browser) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\mailinbrowser@permurl.com
[2011/05/12 13:23:46 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\nasanightlaunch@example.com
[2011/10/26 16:22:34 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\plugin@yontoo.com
[2010/11/30 20:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\extension@virtusdesigns.com\chrome
[2010/08/28 20:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}\mozapps\extensions
[2010/08/28 19:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}\browser\extensions
[2010/08/28 19:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}\browser\extensions\inspector
[2010/08/28 19:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}\mozapps\extensions
[2010/11/30 20:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\glw1bat0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2012/03/02 20:00:26 | 000,005,166 | ---- | M] () -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\99t30p6s.default\searchplugins\word-finder.xml
[2012/02/24 18:02:46 | 000,001,682 | ---- | M] () -- C:\Users\Southern Belle\AppData\Roaming\Mozilla\Firefox\Profiles\99t30p6s.default\searchplugins\word-unscrambler.xml
[2012/02/18 21:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/13 16:21:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/30 13:55:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/06/01 14:39:03 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- E:\GRAPHICS\ADOBE\CREATIVE SUITE 5\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2012/02/22 22:04:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/09/12 22:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 22:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 22:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2009/09/12 22:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 22:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/09/12 22:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/02/22 22:04:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/22 22:04:11 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Southern Belle\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Southern Belle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Southern Belle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Audio Progz\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Comrade Plugin (Enabled) = C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Southern Belle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = E:\Audio Progz\VLC\npvlc.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = e:\Games\Download Manager\npfpdlm.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Bejeweled = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: All Java Sources = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleifhehdjlljnlbaplopcbnbgifpphg\0.96_0\
CHR - Extension: TV = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: 9 Ball Pool = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmncmephfckdpcmohbdpcnkmchejma\1.0_0\
CHR - Extension: YouTube = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Radio Player Live = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\2.0.7_0\
CHR - Extension: Pool = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb\1.0.4_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.5_0\
CHR - Extension: Java Code Search Engine = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbhcodflocjbiehncfhliommnkpoaie\1.0_0\
CHR - Extension: Google Search = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AT_RoyalDelft = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdmilaabmnfnmaladcoaoikbadhapmc\3_0\
CHR - Extension: Bullseye = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmljgkjphgdiiomfkmoalhleilfikfap\1.0_0\
CHR - Extension: Apple Shooter = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbcjjgkapdombcilbfbjapkbpnocbkcf\1.0_0\
CHR - Extension: Torrent Turbo Search = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcdgomceilgkonhjheaijcmgfhabmpio\3.5.5.8_0\
CHR - Extension: Kickup = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\giemgalgnfohfgmmlbmdcoflfkicofkh\1.1_0\
CHR - Extension: Bird Hunting = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlonlhbgbebmodljnbjokeiklknpgjjm\2.0_0\
CHR - Extension: Crackle = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.2_0\
CHR - Extension: Color Piano = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh\0.3.2.12_0\
CHR - Extension: Brain Waves = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikojchkbhnichnjehbhbloaiapifmk\3.0_0\
CHR - Extension: Code Search = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpdnpbccdmalpkhhkedldbggllecand\1.1_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AudioSauna = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae\0.200_0\
CHR - Extension: Karaoke = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmocbpionccifjahhddfjmofmgloajdk\1.0_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.11_0\
CHR - Extension: Baseball = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhojdiehgghgngigefpodnejmedlcfhf\2.1_0\
CHR - Extension: Java Populars! = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oapojegdcjjaeehmicinhimakliedchj\1.2_0\
CHR - Extension: Gmail = C:\Users\Southern Belle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/24 21:59:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\OnLine Progz\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\OnLine Progz\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Graphics\Adobe\Creative Suite 5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Graphics\Adobe\Creative Suite 5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - E:\Appz\TextAloud\TAForIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DMXLauncher] C:\CDDVDRW Progz\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [IDMan] E:\OnLine Progz\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LegacyDrive = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download All By FlashGet3 - C:\Users\Southern Belle\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - E:\OnLine Progz\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download By FlashGet3 - C:\Users\Southern Belle\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Download with IDM - E:\OnLine Progz\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Send to &Bluetooth Device... - C:\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Southern Belle\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download all links with IDM - E:\OnLine Progz\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Southern Belle\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Download with IDM - E:\OnLine Progz\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab (SolitaireRush Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (Blockwerx Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab (Clue Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab (H2hPool Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38316149-68DB-4AA0-AAB3-DE9703F38498}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FB0A4C0-56AC-4EF1-AAC2-9071C2D13CD3}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/01 18:27:18 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/11/15 20:45:13 | 000,000,000 | ---- | M] () - L:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 13:06:44 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\AppData\Local\ShippingAssistant
[2012/03/08 13:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USPS
[2012/03/08 13:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\United States Postal Service
[2012/03/08 13:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USPS
[2012/03/07 19:14:39 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/02/25 15:22:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/25 12:52:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/25 12:42:54 | 000,000,000 | ---D | C] -- C:\Comfix
[2012/02/25 12:41:34 | 004,420,481 | R--- | C] (Swearware) -- C:\Users\Southern Belle\Desktop\Comfix.exe
[2012/02/25 12:03:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/25 12:03:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/25 12:03:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/25 12:03:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/25 12:03:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/25 02:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loquendo
[2012/02/25 02:50:39 | 000,000,000 | ---D | C] -- C:\CepTemp
[2012/02/24 22:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/24 22:32:47 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Southern Belle\Desktop\esetsmartinstaller_enu.exe
[2012/02/24 22:15:44 | 000,000,000 | ---D | C] -- C:\Combo-Fix_211382C
[2012/02/24 21:49:41 | 000,000,000 | ---D | C] -- C:\Combo-Fix_2
[2012/02/23 17:10:12 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\PRG421Week2
[2012/02/23 03:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2012/02/23 00:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NextUp
[2012/02/22 23:57:09 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\AppData\Local\NextUp
[2012/02/22 10:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JFrameBuilder
[2012/02/22 08:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JavaGui
[2012/02/22 06:24:23 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programming
[2012/02/22 06:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programming
[2012/02/22 06:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GuiGenie
[2012/02/22 00:15:26 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/22 00:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/21 23:55:50 | 000,000,000 | ---D | C] -- C:\Windows\AutoRearm
[2012/02/21 22:53:49 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\bluej
[2012/02/21 20:23:11 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJ
[2012/02/21 20:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueJ
[2012/02/20 12:20:52 | 000,000,000 | ---D | C] -- C:\Users\Southern Belle\.grasp_settings
[2012/02/20 09:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidShare Manager
[2012/02/20 09:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RapidShareManager
[2012/02/19 12:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jGRASP
[2012/02/19 12:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jGRASP
[2011/01/12 15:19:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Southern Belle\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 14:02:06 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-949763472-1995112170-2817483538-1000UA.job
[2012/03/08 13:45:06 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 13:45:05 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 13:06:23 | 000,002,777 | ---- | M] () -- C:\Users\Public\Desktop\Shipping Assistant 3.8.lnk
[2012/03/07 21:09:37 | 000,048,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/07 21:09:37 | 000,047,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/07 21:09:37 | 000,012,206 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/07 21:05:18 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\AutoRearm.job
[2012/03/07 21:05:17 | 000,000,226 | ---- | M] () -- C:\Windows\tasks\AutoRearmDaily.job
[2012/03/07 21:04:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 21:04:23 | 536,506,367 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 19:14:39 | 000,002,110 | ---- | M] () -- C:\Users\Southern Belle\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft ISO Burner.lnk
[2012/03/07 19:14:39 | 000,002,086 | ---- | M] () -- C:\Users\Southern Belle\Desktop\Xilisoft ISO Burner.lnk
[2012/03/07 17:02:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-949763472-1995112170-2817483538-1000Core.job
[2012/03/07 01:07:16 | 000,002,449 | ---- | M] () -- C:\Users\Southern Belle\Desktop\Google Chrome.lnk
[2012/03/06 23:14:21 | 000,001,189 | ---- | M] () -- C:\Users\Southern Belle\AppData\Roaming\vso_ts_preview.xml
[2012/03/03 12:15:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/25 12:41:20 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Southern Belle\Desktop\Comfix.exe
[2012/02/25 12:17:57 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 12:06:07 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 22:33:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Southern Belle\Desktop\esetsmartinstaller_enu.exe
[2012/02/24 21:59:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/24 14:54:32 | 000,001,176 | ---- | M] () -- C:\Users\Southern Belle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/24 14:54:32 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 13:44:18 | 005,035,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/23 03:30:16 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\Bejeweled 3.lnk
[2012/02/23 03:30:16 | 000,000,201 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2012/02/22 23:56:52 | 000,000,547 | ---- | M] () -- C:\Users\Southern Belle\Desktop\TextAloud.lnk
[2012/02/22 10:10:00 | 000,002,008 | ---- | M] () -- C:\Users\Southern Belle\Desktop\JFrameBuilder.lnk
[2012/02/22 10:09:31 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012/02/22 08:40:27 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/02/22 08:40:27 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/02/22 05:49:25 | 000,000,735 | ---- | M] () -- C:\Users\Southern Belle\Desktop\eclipse.exe - Shortcut.lnk
[2012/02/22 00:15:26 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2012/02/21 23:42:10 | 000,007,606 | ---- | M] () -- C:\Users\Southern Belle\AppData\Local\Resmon.ResmonCfg
[2012/02/21 20:23:11 | 000,001,940 | ---- | M] () -- C:\Users\Southern Belle\Desktop\BlueJ.lnk
[2012/02/20 09:18:53 | 000,002,122 | ---- | M] () -- C:\Users\Southern Belle\Application Data\Microsoft\Internet Explorer\Quick Launch\RapidShare Manager.lnk
[2012/02/20 09:18:53 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\RapidShare Manager.lnk
[2012/02/19 12:28:33 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\jGRASP.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/08 13:06:23 | 000,002,777 | ---- | C] () -- C:\Users\Public\Desktop\Shipping Assistant 3.8.lnk
[2012/03/07 19:14:39 | 000,002,110 | ---- | C] () -- C:\Users\Southern Belle\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft ISO Burner.lnk
[2012/03/07 19:14:39 | 000,002,086 | ---- | C] () -- C:\Users\Southern Belle\Desktop\Xilisoft ISO Burner.lnk
[2012/02/25 12:03:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/25 12:03:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/25 12:03:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/25 12:03:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/25 12:03:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 14:43:29 | 000,001,176 | ---- | C] () -- C:\Users\Southern Belle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/24 14:43:29 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 03:30:16 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\Bejeweled 3.lnk
[2012/02/23 03:30:16 | 000,000,201 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2012/02/22 23:56:52 | 000,000,547 | ---- | C] () -- C:\Users\Southern Belle\Desktop\TextAloud.lnk
[2012/02/22 10:10:00 | 000,002,008 | ---- | C] () -- C:\Users\Southern Belle\Desktop\JFrameBuilder.lnk
[2012/02/22 05:49:25 | 000,000,735 | ---- | C] () -- C:\Users\Southern Belle\Desktop\eclipse.exe - Shortcut.lnk
[2012/02/21 23:55:51 | 000,000,242 | ---- | C] () -- C:\Windows\tasks\AutoRearm.job
[2012/02/21 23:55:50 | 000,000,226 | ---- | C] () -- C:\Windows\tasks\AutoRearmDaily.job
[2012/02/21 20:23:11 | 000,001,940 | ---- | C] () -- C:\Users\Southern Belle\Desktop\BlueJ.lnk
[2012/02/20 09:18:53 | 000,002,122 | ---- | C] () -- C:\Users\Southern Belle\Application Data\Microsoft\Internet Explorer\Quick Launch\RapidShare Manager.lnk
[2012/02/20 09:18:53 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\RapidShare Manager.lnk
[2012/02/19 12:28:33 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\jGRASP.lnk
[2011/10/10 23:45:38 | 000,000,000 | ---- | C] () -- C:\Users\Southern Belle\AppData\Local\rx_image32.Cache
[2011/09/18 10:36:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/06/01 01:14:06 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2011/01/12 15:21:58 | 000,001,189 | ---- | C] () -- C:\Users\Southern Belle\AppData\Roaming\vso_ts_preview.xml
[2011/01/12 15:19:48 | 000,007,859 | ---- | C] () -- C:\Users\Southern Belle\AppData\Roaming\pcouffin.cat
[2011/01/12 15:19:48 | 000,001,167 | ---- | C] () -- C:\Users\Southern Belle\AppData\Roaming\pcouffin.inf
[2011/01/08 17:44:21 | 000,007,606 | ---- | C] () -- C:\Users\Southern Belle\AppData\Local\Resmon.ResmonCfg
[2010/11/10 19:51:29 | 000,003,584 | ---- | C] () -- C:\Users\Southern Belle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 01:55:50 | 000,000,132 | ---- | C] () -- C:\Users\Southern Belle\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/11/08 01:54:11 | 000,000,132 | ---- | C] () -- C:\Users\Southern Belle\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010/10/06 00:44:20 | 001,362,460 | ---- | C] () -- C:\Windows\SysWow64\ExpansionHD_Firmware.bin
[2010/08/11 17:29:42 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\MFC_InstDrvDLL.dll
[2010/07/03 15:49:09 | 000,000,117 | ---- | C] () -- C:\Windows\Circus.ini
[2010/07/03 15:47:39 | 000,000,042 | ---- | C] () -- C:\Windows\Piggybak.ini
[2010/07/03 15:47:18 | 000,000,033 | ---- | C] () -- C:\Windows\PBUpdate.ini
[2010/07/02 23:34:52 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/06/03 23:08:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/27 20:45:08 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/05/26 15:39:18 | 001,718,912 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010/05/26 15:39:18 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010/05/26 15:39:18 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010/05/26 15:39:18 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010/05/26 15:39:18 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/05/23 09:03:09 | 000,000,292 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/05/23 00:35:56 | 000,000,598 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010/05/23 00:33:14 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/05/16 18:49:13 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/05/14 13:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/05/14 13:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/05/14 13:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/05/13 00:53:50 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/12 21:00:38 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\cdga.dll
[2010/05/11 01:43:07 | 002,255,360 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/05/11 01:43:07 | 000,395,776 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/05/11 01:43:07 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/05/11 01:43:07 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010/05/11 00:57:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/10 23:10:50 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2010/05/10 23:10:42 | 000,000,164 | R--- | C] () -- C:\Windows\avrack.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:1AAB2E68
@Alternate Data Stream - 1294 bytes -> C:\Users\Southern Belle\AppData\Local\Temp:VWvImHm0nbGKnavNEODBd4KAROoEzN
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:E965A533

< End of report >

ESET scan is still running and says 12 threats detected.

Is there anything else?

thank you!
southern belle

#9 myrti

Posted 08 March 2012 - 07:29 PM

Hi,

what "errors" do you get when ComboFix installs? What makes you think you've got a trojan?

regards myrti


#10 Southern Belle

Posted 08 March 2012 - 08:09 PM

Hi, I finally got ComboFix to work, but it doesn't give any error now. I don't remember the error; it just wouldn't install. But I got it, and when I ran it, it didn't show any errors. I'm going to run it again after these other tests. ESET gave 22 detected; I will post the list in the next post.

thanks!

#11 Southern Belle

Posted 08 March 2012 - 08:11 PM

These are the ESET scan results for what was detected:

D:\Received Files\Appz\Microsoft\Microsoft Office 2010\Microsoft Office 2010 Select x64.iso a variant of Win32/HackKMS.A application deleted - quarantined
D:\Received Files\Appz\Microsoft\Microsoft Office 2010\KMS Activator RS\Act2.rar a variant of Win32/HackKMS.A application deleted - quarantined
D:\Received Files\Appz\Microsoft\Microsoft Office 2010\KMS Activator RS\Activate-install\Activator.exe a variant of Win32/HackKMS.A application deleted - quarantined
D:\Received Files\Appz\Phonics\Leap Ahead Phonics\Leap Ahead Phonics.iso Win32/Adware.DSSAgent application deleted - quarantined
D:\Received Files\Appz\Readers\Voices\Cepstral.Swifttalker.with.Whispery.v5.1.0.Incl.Keygen-ArCADE.rar probably a variant of Win32/SdBot.CMPBSZK trojan deleted - quarantined
D:\Received Files\Programming Languages\Borland Delphi 7 Studio Enterprise\Borland_Delphi_7_Studio_Enterprise.part1.rar probably a variant of Win32/Agent.CQSGZXO trojan deleted - quarantined
D:\Received Files\Utilities\AntiVirus Malware Adware Removers\Malwarebytes_Anti-Malware_1.50_Final_with_serial.zip a variant of Win32/Rodecap.AM trojan deleted - quarantined
D:\Received Files\Utilities\Defragers\Diskeeper Pro Premier 2010\DK2010-mara-LifeTime Patch.zip Win32/Packed.Autoit.C.Gen application deleted - quarantined
G:\1 NTFS\Recieved Files\CD-DVD Progz\CDRW - DVDRW Progz and Utilities\CDBankCataloguer\CDBankCataloguer keygen v2.7.4.285.zip probably a variant of Win32/Adware.Agent.FLIFSVE application deleted - quarantined
G:\1 NTFS\Recieved Files\CD-DVD Progz\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH\nero8-fdb\nero8-fdb.iso Win32/Toolbar.AskSBar application deleted - quarantined
G:\1 NTFS\Recieved Files\Fosi-files\fo-dpp31.zip probably unknown NewHeur_PE virus deleted - quarantined
G:\1 NTFS\Recieved Files\Graphic\Adobe creative suite premium\Adobe Creative Suite Serial+ Activation Keygen.rar probably a variant of Win32/TrojanDownloader.Agent.IPGQQOF trojan deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2010-09-19 190008\Backup Files 2010-09-19 190008\Backup files 2.zip a variant of Win32/Toolbar.MyWebSearch.O application deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2010-09-19 190008\Backup Files 2010-09-19 190008\Backup files 4.zip multiple threats deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 7.zip a variant of Win32/Toolbar.MyWebSearch.O application deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 9.zip multiple threats deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2010-12-26 190052\Backup Files 2011-01-09 190020\Backup files 1.zip multiple threats deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2011-01-23 190001\Backup Files 2011-01-23 190001\Backup files 6.zip multiple threats deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2011-01-23 190001\Backup Files 2011-01-23 190001\Backup files 7.zip probably a variant of Win32/Adware.Gamevance.BH application deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2011-02-20 190004\Backup Files 2011-02-20 190004\Backup files 10.zip multiple threats deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2011-02-20 190004\Backup Files 2011-02-20 190004\Backup files 6.zip multiple threats deleted - quarantined
G:\SOUTHERNBELLEAM\Backup Set 2011-02-20 190004\Backup Files 2011-02-20 190004\Backup files 7.zip probably a variant of Win32/Adware.Gamevance.BH application deleted - quarantined


Thank you. It says it deleted and quarantined them.

What's next?

thanks!

#12 myrti

Posted 09 March 2012 - 05:26 AM

Hi,

those are all cracks and backups you created yourself.

D:\Received Files\Appz\Microsoft\Microsoft Office 2010\Microsoft Office 2010 Select x64.iso a variant of Win32/HackKMS.A application deleted - quarantined
D:\Received Files\Appz\Microsoft\Microsoft Office 2010\KMS Activator RS\Act2.rar a variant of Win32/HackKMS.A application deleted - quarantined
D:\Received Files\Appz\Microsoft\Microsoft Office 2010\KMS Activator RS\Activate-install\Activator.exe a variant of Win32/HackKMS.A application deleted - quarantined
D:\Received Files\Appz\Phonics\Leap Ahead Phonics\Leap Ahead Phonics.iso Win32/Adware.DSSAgent application deleted - quarantined
D:\Received Files\Appz\Readers\Voices\Cepstral.Swifttalker.with.Whispery.v5.1.0.Incl.Keygen-ArCADE.rar probably a variant of Win32/SdBot.CMPBSZK trojan deleted - quarantined
D:\Received Files\Programming Languages\Borland Delphi 7 Studio Enterprise\Borland_Delphi_7_Studio_Enterprise.part1.rar probably a variant of Win32/Agent.CQSGZXO trojan deleted - quarantined
D:\Received Files\Utilities\AntiVirus Malware Adware Removers\Malwarebytes_Anti-Malware_1.50_Final_with_serial.zip a variant of Win32/Rodecap.AM trojan deleted - quarantined
D:\Received Files\Utilities\Defragers\Diskeeper Pro Premier 2010\DK2010-mara-LifeTime Patch.zip Win32/Packed.Autoit.C.Gen application deleted - quarantined
G:\1 NTFS\Recieved Files\CD-DVD Progz\CDRW - DVDRW Progz and Utilities\CDBankCataloguer\CDBankCataloguer keygen v2.7.4.285.zip probably a variant of Win32/Adware.Agent.FLIFSVE application deleted - quarantined
G:\1 NTFS\Recieved Files\CD-DVD Progz\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH\nero8-fdb\nero8-fdb.iso Win32/Toolbar.AskSBar application deleted - quarantined
G:\1 NTFS\Recieved Files\Fosi-files\fo-dpp31.zip probably unknown NewHeur_PE virus deleted - quarantined
G:\1 NTFS\Recieved Files\Graphic\Adobe creative suite premium\Adobe Creative Suite Serial+ Activation Keygen.rar probably a variant of Win32/TrojanDownloader.Agent.IPGQQOF trojan deleted - quarantined



The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens, there is nothing you can do besides reformatting and reinstalling the OS.

If you still need assistance, please remove all cracked software from your system.


#13 Southern Belle

Posted 11 March 2012 - 05:22 PM

Those are old, sorry about that. I'm removing them and will repost. Thanks.

#14 myrti

Posted 29 March 2012 - 08:15 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
