Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NASTY Rootkit, Thanks for helping, in advance.


  • This topic is locked This topic is locked
6 replies to this topic

#1 hosnappp

hosnappp

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 24 March 2012 - 03:01 AM

So basically, this thing has left mine and my girlfriend's computer relatively inoperable. You guys probably already know the details. I can't write to the disk or anything. I've been dealing with these kinds of things for a while, but this one has me stumped.

I've tried booting into Linux and running a scan on the Windows installation, but the tricky bastard closes the scan around 60 percent. Hmmm.

Worse, yet, I can't install many rootkit removers as I cannot write .dll's or anything! Any software driver is a no-go.

Now, I know the professional/expert solution may be to reinstall, but I'm afraid this thing is in the firmware or my BIOS. Here's a log.
I've been at it for a long time and the computer is getting progressively worse. As a fellow expert, please tell me I'm wrong. I hope it's not in the hardware operation, by now. If I have to reinstall Windows, fine. Just not in the hardware systems.

Again, thanks in advance.

EDIT:

Posted Image

What I've been dealing with when trying to install anything.

EDIT2:

Added ComboFix/aswMBR Log after running them in Safe Mode.


O4 - HKCU\..\Run: [Google Update] "C:\Users\Ally\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C414918-F2EF-4E85-83AE-2E691DF29C23}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F4F362A-A36F-40D7-85CA-5882E4F55AF9}: NameServer = 8.26.56.26,156.154.70.22
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Skyhook Wireless XPS Service (xpssvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe

--
End of file - 9560 bytes

Attached Files


Edited by hosnappp, 24 March 2012 - 04:59 AM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:30 AM

Posted 28 March 2012 - 06:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 hosnappp

hosnappp
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 28 March 2012 - 03:21 PM

Extras.Txt:


OTL Extras logfile created on: 3/28/2012 4:08:49 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ally\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 53.84% Memory free
7.60 Gb Paging File | 5.60 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.59 Gb Total Space | 306.03 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive D: | 24.87 Gb Total Space | 3.64 Gb Free Space | 14.62% Space Free | Partition Type: NTFS

Computer Name: ALLY-HP | User Name: Ally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1871566390-2869288090-778840236-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1ED09A2E-9CB0-4694-B108-BD414AD32C2F}" = Max 5.1.9
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{523F8FD3-7C17-4CBE-A51E-CFAA773463FC}" = Skyhook Wireless XPS Service
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10BFDC04-317E-4DF2-8773-ACC02155B055}" = HP Navigator
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}" = Alcor Micro USB Card Reader
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5776E400-655A-44E0-B67C-A236E498AB26}" = Flux_BitterSweetII
"{5F5D8937-508B-440F-9C1B-19CB78DBB834}" = Pocket Tanks Deluxe
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6468BD9A-B88F-4ED5-8A06-C90CD882FA78}" = Qualcomm Gobi 2000 Package for HP
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank 2.5
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{b2042d5e-986d-44ec-aee3-afe4108ccc93}" = Python 3.2
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D19CC646-D545-4403-8D9F-C524BBD03032}" = HP Documentation
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4DCFD0F-7B68-4C44-B208-99027AD1AC69}" = keFIR VST plugin
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"7-Zip" = 7-Zip 9.20
"9330efb6" = Contextual Tool Yourprofitclub
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnalogX SayIt" = AnalogX SayIt
"Android SDK Tools" = Android SDK Tools
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"ASIO4ALL" = ASIO4ALL
"AUM Reverb_is1" = AUM Reverb
"Camel Audio CamelCrusher" = Camel Audio CamelCrusher
"Celemony Melodyne Plugin_is1" = Celemony Melodyne Plugin VST RTAS v1.0
"Chaos Pack for Pocket Tanks Deluxe_is1" = Chaos Pack v1.1 for Pocket Tanks Deluxe
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"daHornet VSTi V1.34_is1" = daHornet Version 1.34
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup" = DivX Setup
"Fiddler2" = Fiddler2
"Flamethrower Pack for Pocket Tanks Deluxe_is1" = Flamethrower Pack v1.1 for Pocket Tanks Deluxe
"Fraps" = Fraps (remove only)
"Fuzz Pack for Pocket Tanks Deluxe_is1" = Fuzz Pack v1.0 for Pocket Tanks Deluxe
"Glitch One MB VSTi V1.0b_is1" = Glitch One MB VSTi Version 1.0b
"Gravity Pack for Pocket Tanks Deluxe_is1" = Gravity Pack v1.1 for Pocket Tanks Deluxe
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}" = Alcor Micro USB Card Reader
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"iZotope pHATmatik PRO_is1" = iZotope pHATmatik PRO
"Kazrog LLC Recabinet 3 VST v3.0.0_is1" = Kazrog LLC Recabinet 3 VST v3.0.0
"Line 6 Uninstaller" = Line 6 Uninstaller
"Live 8.2.5" = Live 8.2.5
"Magic Pack for Pocket Tanks Deluxe_is1" = Magic Pack v1.0 for Pocket Tanks Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"My HP Game Console" = HP Game Console
"Nano Pack for Pocket Tanks Deluxe_is1" = Nano Pack v1.0 for Pocket Tanks Deluxe
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"Nuke Pack for Pocket Tanks Deluxe_is1" = Nuke Pack v1.1 for Pocket Tanks Deluxe
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Ohmicide VST" = Ohm Force - Ohmicide VST
"Party Pack for Pocket Tanks Deluxe_is1" = Party Pack for Pocket Tanks Deluxe
"Photo Stamp Remover_is1" = Photo Stamp Remover 4.0
"PowerISO" = PowerISO
"PSP VintageWarmer 2.0.0" = PSP VintageWarmer 2.0.0
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"ReValver Mk IIIdotV_is1" = ReValver Mk IIIdotV
"Revo Uninstaller" = Revo Uninstaller 1.93
"Rocket Pack for Pocket Tanks Deluxe_is1" = Rocket Pack v1.0 for Pocket Tanks Deluxe
"Snowball Pack for Pocket Tanks Deluxe_is1" = Snowball Pack v1.1 for Pocket Tanks Deluxe
"Songbird-release-1959" = Songbird 1.9.3 (Build 1959)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SoundToys Native Effects VST RTAS_is1" = SoundToys Native Effects VST RTAS v3.1.2
"Starcraft" = Starcraft
"StreamTorrent 1.0" = StreamTorrent 1.0
"Sylenth1_is1" = Sylenth1 v1.01.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"Waves Complete v7_is1" = Waves Complete VST RTAS TDM v7.1.16
"WildTangent hp Master Uninstall" = HP Games
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1871566390-2869288090-778840236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2012 5:24:09 AM | Computer Name = Ally-HP | Source = VSS | ID = 8193
Description =

Error - 3/24/2012 5:47:33 AM | Computer Name = Ally-HP | Source = Application Error | ID = 1000
Description = Faulting application name: RootkitRevealer.exe, version: 1.71.0.0,
time stamp: 0x44e255aa Faulting module name: RootkitRevealer.exe, version: 1.71.0.0,
time stamp: 0x44e255aa Exception code: 0xc0000005 Fault offset: 0x000040cd Faulting
process id: 0x7b0 Faulting application start time: 0x01cd09a319b51321 Faulting application
path: C:\Users\Ally\Desktop\RootkitRevealer.exe Faulting module path: C:\Users\Ally\Desktop\RootkitRevealer.exe
Report
Id: 606b578b-7596-11e1-ad07-00a0c6000000

Error - 3/24/2012 5:48:11 AM | Computer Name = Ally-HP | Source = Application Error | ID = 1000
Description = Faulting application name: RootkitRevealer.exe, version: 1.71.0.0,
time stamp: 0x44e255aa Faulting module name: RootkitRevealer.exe, version: 1.71.0.0,
time stamp: 0x44e255aa Exception code: 0xc0000005 Fault offset: 0x000040cd Faulting
process id: 0x780 Faulting application start time: 0x01cd09a330f1a1ed Faulting application
path: C:\Users\Ally\Desktop\RootkitRevealer.exe Faulting module path: C:\Users\Ally\Desktop\RootkitRevealer.exe
Report
Id: 77901895-7596-11e1-ad07-00a0c6000000

Error - 3/24/2012 6:30:57 AM | Computer Name = Ally-HP | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files (x86)\Hewlett-Packard\HP
Advisor\VersionManager.exe".Error in manifest or policy file "C:\Program Files
(x86)\Hewlett-Packard\HP Advisor\VersionManager.exe.Config" on line 0. Invalid Xml
syntax.

Error - 3/24/2012 7:43:05 AM | Computer Name = Ally-HP | Source = Google Update | ID = 20
Description =

Error - 3/24/2012 10:43:05 AM | Computer Name = Ally-HP | Source = Google Update | ID = 20
Description =

Error - 3/25/2012 1:43:05 AM | Computer Name = Ally-HP | Source = Google Update | ID = 20
Description =

Error - 3/25/2012 4:43:05 AM | Computer Name = Ally-HP | Source = Google Update | ID = 20
Description =

Error - 3/25/2012 7:43:05 AM | Computer Name = Ally-HP | Source = Google Update | ID = 20
Description =

Error - 3/25/2012 10:43:05 AM | Computer Name = Ally-HP | Source = Google Update | ID = 20
Description =

[ HP Wireless Assistant Events ]
Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCaslWireless'
threw an exception. at hpCASL.ChpCaslWireless..ctor() at HP_Common.CaslWrapper.get_CaslWireless()

at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCASL'
threw an exception. at hpCASL.ChpCASL.c()

Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.Exception Calling process C:\Program Files\Hewlett-Packard\HP
Wireless Assistant\HPWA_Service.exe does not have a valid signature. HP CASL loading
aborted at hpCASL.ChpCASL.a()

Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCaslEvents'
threw an exception. at hpCASL.ChpCaslEvents..ctor() at HP_Common.CaslWrapper.Register(EventArrivedEventHandler
handler) at HPPA_Service.CurrentConfiguration..ctor()

Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCASL'
threw an exception. at hpCASL.ChpCASL.c()

Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.Exception Calling process C:\Program Files\Hewlett-Packard\HP
Wireless Assistant\HPWA_Service.exe does not have a valid signature. HP CASL loading
aborted at hpCASL.ChpCASL.a()

Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException ServiceWorkerMethod ABORTED! - The
type initializer for 'hpCASL.ChpCaslSystem' threw an exception. at hpCASL.ChpCaslSystem..ctor()

at HP_Common.CaslWrapper.GetSystemID(String& systemID) at HPPA_Service.CurrentConfiguration..ctor()

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException ServiceWorkerMethod ABORTED! - The
type initializer for 'hpCASL.ChpCASL' threw an exception. at hpCASL.ChpCASL.c()

Error - 5/7/2011 12:01:28 PM | Computer Name = Ally-HP | Source = HP WA Service | ID = 0
Description = System.Exception ServiceWorkerMethod ABORTED! - Calling process C:\Program
Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe does not have a valid
signature. HP CASL loading aborted at hpCASL.ChpCASL.a()

Error - 8/21/2011 10:02:11 PM | Computer Name = Ally-HP | Source = HP WA Mobility Center Tile Link | ID = 0
Description = HardwareAccess.UnableToConnectException App.ApplicationStartup; a problem
was encountered while starting the app and needs to terminate Error in the application.

at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32
timeout) at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort
port, Int32 timeout) at HPWA_MobilityCenterTileLink.App.ApplicationStartup(Object
sender, StartupEventArgs args)

[ Media Center Events ]
Error - 3/18/2012 11:18:44 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 11:18:44 AM - Error connecting to the internet. 11:18:44 AM - Unable
to contact server..

Error - 3/18/2012 11:18:53 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 11:18:49 AM - Error connecting to the internet. 11:18:49 AM - Unable
to contact server..

Error - 3/24/2012 8:03:03 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 8:03:03 AM - Error connecting to the internet. 8:03:03 AM - Unable
to contact server..

Error - 3/24/2012 8:03:11 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 8:03:08 AM - Error connecting to the internet. 8:03:08 AM - Unable
to contact server..

Error - 3/24/2012 9:03:15 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 9:03:15 AM - Error connecting to the internet. 9:03:15 AM - Unable
to contact server..

Error - 3/24/2012 9:03:21 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 9:03:20 AM - Error connecting to the internet. 9:03:20 AM - Unable
to contact server..

Error - 3/24/2012 10:03:26 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 10:03:26 AM - Error connecting to the internet. 10:03:26 AM - Unable
to contact server..

Error - 3/24/2012 10:03:31 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 10:03:31 AM - Error connecting to the internet. 10:03:31 AM - Unable
to contact server..

Error - 3/24/2012 11:03:36 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 11:03:36 AM - Error connecting to the internet. 11:03:36 AM - Unable
to contact server..

Error - 3/24/2012 11:03:42 AM | Computer Name = Ally-HP | Source = MCUpdate | ID = 0
Description = 11:03:41 AM - Error connecting to the internet. 11:03:41 AM - Unable
to contact server..

[ System Events ]
Error - 3/2/2012 12:39:52 AM | Computer Name = Ally-HP | Source = Service Control Manager | ID = 7000
Description = The Intel® Rapid Storage Technology service failed to start due
to the following error: %%1053

Error - 3/2/2012 7:56:29 PM | Computer Name = Ally-HP | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 3/5/2012 2:25:23 PM | Computer Name = Ally-HP | Source = LsaSrv | ID = 6033
Description = An anonymous session connected from ALLY-HP has attempted to open
an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED
to prevent leaking security sensitive information to the anonymous caller. The
application that made this attempt needs to be fixed. Please contact the application
vendor. As a temporary workaround, this security measure can be disabled by setting
the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
DWORD value to 1. This message will be logged at most once a day.

Error - 3/9/2012 7:39:31 PM | Computer Name = Ally-HP | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 3/11/2012 4:48:26 PM | Computer Name = Ally-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the EFS service.

Error - 3/11/2012 4:51:26 PM | Computer Name = Ally-HP | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 3/12/2012 5:03:28 PM | Computer Name = Ally-HP | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 3/14/2012 3:38:30 PM | Computer Name = Ally-HP | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 3/14/2012 3:40:55 PM | Computer Name = Ally-HP | Source = BugCheck | ID = 1001
Description =

Error - 3/19/2012 12:53:37 AM | Computer Name = Ally-HP | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -374373 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.17:123) is working
properly.


< End of report >


OTL.txt:


OTL logfile created on: 3/28/2012 4:08:49 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ally\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 53.84% Memory free
7.60 Gb Paging File | 5.60 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.59 Gb Total Space | 306.03 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive D: | 24.87 Gb Total Space | 3.64 Gb Free Space | 14.62% Space Free | Partition Type: NTFS

Computer Name: ALLY-HP | User Name: Ally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/28 16:08:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ally\Downloads\OTL.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/15 18:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/08/12 13:55:06 | 000,332,024 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
PRC - [2010/06/25 02:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/04/15 12:45:42 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/04/15 12:44:48 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/04 00:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 00:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/21 08:21:12 | 000,429,040 | ---- | M] () -- C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll
MOD - [2012/03/21 08:21:11 | 003,772,912 | ---- | M] () -- C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
MOD - [2012/03/21 08:19:37 | 000,122,880 | ---- | M] () -- C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\avutil-51.dll
MOD - [2012/03/21 08:19:35 | 000,220,672 | ---- | M] () -- C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\avformat-53.dll
MOD - [2012/03/21 08:19:34 | 001,747,456 | ---- | M] () -- C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\avcodec-53.dll
MOD - [2012/03/21 03:44:18 | 008,593,056 | ---- | M] () -- C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
MOD - [2012/02/15 04:31:59 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll
MOD - [2012/02/15 04:26:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:26:03 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/15 04:25:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/15 04:25:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/15 04:25:37 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/15 04:25:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/15 04:25:32 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/19 09:23:38 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/02/09 09:13:28 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/11/23 06:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/06/28 06:48:18 | 000,919,880 | ---- | M] (Skyhook Wireless) [Auto | Running] -- C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe -- (xpssvc)
SRV:64bit: - [2010/06/18 19:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/18 01:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/02/09 09:13:18 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/08/12 13:55:06 | 000,332,024 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe -- (QDLService2kHP) Qualcomm Gobi 2000 Download Service (HP)
SRV - [2010/06/29 22:00:08 | 000,027,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/25 16:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/25 09:15:46 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/04/15 12:45:42 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/04/15 12:44:48 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 00:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/07/13 21:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 21:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 21:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/30 16:13:46 | 000,772,096 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L6GX64.sys -- (L6GX)
DRV:64bit: - [2011/05/22 15:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2011/03/24 23:14:12 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/13 11:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/25 01:19:40 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/12 12:38:02 | 000,443,392 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnethp2k.sys -- (qcusbnethp2k) Gobi 2000 USB-NDIS miniport(03F0-251D)
DRV:64bit: - [2010/08/12 12:38:00 | 000,230,784 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserhp2k.sys -- (qcusbserhp2k) Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D)
DRV:64bit: - [2010/08/12 12:38:00 | 000,137,800 | ---- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcombushp.sys -- (qcombushp) Gobi 2000 USB Composite Device Driver(03F0-251D)
DRV:64bit: - [2010/08/12 12:37:58 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterhp2k.sys -- (qcfilterhp2k)
DRV:64bit: - [2010/06/25 23:01:04 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/25 02:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/18 01:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/01 23:35:26 | 000,016,896 | ---- | M] (Skyhook Wireless) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XPSVCOM.sys -- (XPSVCOM)
DRV:64bit: - [2010/04/12 04:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/02 20:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 23:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)
DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/11/11 17:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/03/13 03:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2011/12/29 14:40:54 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B2486F54-FF78-4A91-92A7-40979DA38D8C}
IE:64bit: - HKLM\..\SearchScopes\{96898115-A71A-45F3-8D5B-2F7534B3CF21}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{9A0C9261-BFC5-4DAD-A9F5-D207DB7CBB9B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{B2486F54-FF78-4A91-92A7-40979DA38D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{C3AD3A8A-37CC-477C-B75A-40B3F1DCA771}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {B2486F54-FF78-4A91-92A7-40979DA38D8C}
IE - HKLM\..\SearchScopes\{96898115-A71A-45F3-8D5B-2F7534B3CF21}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{9A0C9261-BFC5-4DAD-A9F5-D207DB7CBB9B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{B2486F54-FF78-4A91-92A7-40979DA38D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{C3AD3A8A-37CC-477C-B75A-40B3F1DCA771}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53515

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53515



IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://getii.com/7z
IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..\SearchScopes,DefaultScope = {C7576B9D-B442-46bc-AF74-080A9E723E01}
IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..\SearchScopes\{96898115-A71A-45F3-8D5B-2F7534B3CF21}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..\SearchScopes\{9A0C9261-BFC5-4DAD-A9F5-D207DB7CBB9B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..\SearchScopes\{B2486F54-FF78-4A91-92A7-40979DA38D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..\SearchScopes\{C3AD3A8A-37CC-477C-B75A-40B3F1DCA771}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=16705&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=2R&apn_dtid=get001YYUS&apn_uid=DC2A33AE-3602-4D3F-9A08-15F73FA36A75&apn_sauid=E540D468-3889-42F0-B70B-104C40E27584
IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ally\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ally\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ally\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ally\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ally\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011/12/18 17:46:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/23 23:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/04 21:37:27 | 000,000,000 | ---D | M]

[2011/06/22 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Extensions
[2011/05/08 10:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/02/16 21:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\xmz9yujt.default\extensions
[2012/02/16 21:57:27 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\xmz9yujt.default\extensions\wecarereminder@bryan
[2011/11/13 23:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/13 23:53:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/03/23 23:48:00 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/12/18 17:46:55 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ally\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ally\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ally\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ally\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ally\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Bouncy Mouse = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/03/24 05:34:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..Trusted Domains: qflix.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
O15 - HKU\S-1-5-21-1871566390-2869288090-778840236-1000\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C414918-F2EF-4E85-83AE-2E691DF29C23}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4F362A-A36F-40D7-85CA-5882E4F55AF9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4F362A-A36F-40D7-85CA-5882E4F55AF9}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DVMOOBE - hkey= - key= - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\HP_QW_OOBE.exe (DeviceVM, Inc.)
MsConfig:64bit - StartUpReg: EasyTether - hkey= - key= - C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Ally\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Ally\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: HP Quick Launch - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
MsConfig:64bit - StartUpReg: HPWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ManyCam - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skyhook Wireless XPS Service - hkey= - key= - C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe (Skyhook Wireless)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Verbose - hkey= - key= - File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

========== Files/Folders - Created Within 30 Days ==========

[2012/03/24 05:39:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/24 05:34:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/24 05:06:13 | 004,443,082 | R--- | C] (Swearware) -- C:\Users\Ally\Desktop\commy.exe
[2012/03/24 04:49:00 | 000,000,000 | ---D | C] -- C:\Users\Ally\Pavark
[2012/03/24 04:22:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/24 03:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/03/24 03:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/03/24 03:44:10 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Ally\Desktop\RootkitRevealer.exe
[2012/03/24 03:42:11 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ally\Desktop\TDSSKiller.exe
[2012/03/24 00:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LockHunter
[2012/03/24 00:08:33 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\LockHunter
[2012/03/24 00:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
[2012/03/24 00:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2012/03/24 00:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012/03/24 00:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012/03/23 23:48:49 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\DDMSettings
[2012/03/23 20:47:36 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/03/23 13:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1
[2012/03/22 20:57:41 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\Apple Computer
[2012/03/22 20:57:41 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\Apple Computer
[2012/03/22 20:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/22 20:57:32 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/03/22 20:57:32 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/03/22 20:57:32 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/03/22 20:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/22 20:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/22 20:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/22 20:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/03/22 20:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/22 20:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/03/22 20:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/03/22 20:55:13 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\redsn0w
[2012/03/22 18:42:53 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quake III Arena
[2012/03/22 18:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena
[2012/03/22 18:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quake III Arena
[2012/03/22 18:20:26 | 000,000,000 | ---D | C] -- C:\Quake III Arena
[2012/03/22 17:10:54 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2012/03/22 17:09:09 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe
[2012/03/22 17:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starcraft
[2012/03/22 17:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2012/03/22 16:39:37 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/03/22 16:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/03/22 16:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2012/03/22 16:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2012/03/22 16:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/03/22 16:22:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/03/22 16:21:06 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\HuluDesktop
[2012/03/22 16:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/03/22 16:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/03/22 16:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/03/22 16:00:07 | 000,041,200 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/03/22 15:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starcraft
[2012/03/22 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\Ally\Desktop\bleep
[2012/03/22 12:56:42 | 000,000,000 | ---D | C] -- C:\Users\Ally\.android
[2012/03/20 18:25:23 | 000,000,000 | ---D | C] -- C:\Users\Ally\Desktop\ADB
[2012/03/20 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\Daichi
[2012/03/20 17:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DashSignature.com
[2012/03/20 17:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alien Skin
[2012/03/17 00:16:01 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\Downloaded Installations
[2012/03/17 00:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/03/17 00:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/03/17 00:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/03/17 00:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/03/17 00:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android
[2012/03/17 00:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/17 00:13:01 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/03/17 00:13:00 | 000,263,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/03/17 00:13:00 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/03/17 00:13:00 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/14 03:02:49 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 03:02:49 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 03:02:47 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 15:18:42 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 15:18:42 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/13 15:18:41 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/13 15:18:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/13 15:18:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/13 15:18:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 15:18:28 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 15:18:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 15:18:27 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 15:18:26 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/12 17:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unuversal Audio
[2012/03/12 17:01:30 | 000,557,056 | ---- | C] (Hyperactive Audio Systems, Inc.) -- C:\Windows\SysWow64\HypGui.dll
[2012/03/11 21:13:40 | 000,022,696 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/11 21:13:20 | 000,301,224 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/11 21:13:18 | 000,389,840 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/09 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReValver Mk IIIdotV
[2012/03/09 19:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Peavey Electronics
[2012/03/09 19:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Line 6
[2012/03/09 18:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware
[2012/03/08 20:37:35 | 000,000,000 | R--D | C] -- C:\Users\Ally\Desktop\idkyet Project
[2012/03/02 01:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flux sound and picture development
[2012/03/02 01:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flux
[2012/03/01 21:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
[2012/02/29 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Ally\Documents\DubSamples
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ally\Desktop\*.tmp files -> C:\Users\Ally\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/28 16:11:04 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/03/28 15:18:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871566390-2869288090-778840236-1000UA.job
[2012/03/28 13:43:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1871566390-2869288090-778840236-1000UA.job
[2012/03/28 10:18:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871566390-2869288090-778840236-1000Core.job
[2012/03/27 19:43:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1871566390-2869288090-778840236-1000Core.job
[2012/03/27 17:58:37 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 17:58:37 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 17:55:46 | 000,866,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/27 17:55:46 | 000,724,050 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/27 17:55:46 | 000,143,706 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/27 17:51:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/27 17:51:06 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/25 17:55:43 | 000,059,613 | ---- | M] () -- C:\Users\Ally\Desktop\Good Production.wav.asd
[2012/03/25 17:55:10 | 009,676,844 | ---- | M] () -- C:\Users\Ally\Desktop\Good Production.wav
[2012/03/25 01:26:00 | 000,000,000 | -H-- | M] () -- C:\Users\Ally\Documents\Default.rdp
[2012/03/24 05:44:20 | 000,000,512 | ---- | M] () -- C:\Users\Ally\Desktop\MBR.dat
[2012/03/24 05:34:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/24 05:05:35 | 004,443,082 | R--- | M] (Swearware) -- C:\Users\Ally\Desktop\commy.exe
[2012/03/24 04:03:10 | 000,059,995 | ---- | M] () -- C:\Users\Ally\Desktop\Capture.PNG
[2012/03/24 00:23:36 | 000,000,017 | ---- | M] () -- C:\Users\Ally\AppData\Local\resmon.resmoncfg
[2012/03/24 00:09:53 | 487,619,557 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/23 00:15:12 | 000,035,921 | ---- | M] () -- C:\Users\Ally\Desktop\RingtoneForMyBaby.wav.asd
[2012/03/23 00:15:07 | 005,644,844 | ---- | M] () -- C:\Users\Ally\Desktop\RingtoneForMyBaby.wav
[2012/03/22 17:10:06 | 000,033,021 | ---- | M] () -- C:\Windows\scunin.dat
[2012/03/22 17:10:05 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe
[2012/03/22 17:10:05 | 000,000,967 | ---- | M] () -- C:\Windows\ScUnin.pif
[2012/03/22 16:18:37 | 000,001,069 | ---- | M] () -- C:\Users\Ally\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/03/21 17:42:08 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ally\Desktop\TDSSKiller.exe
[2012/03/21 13:25:05 | 000,235,627 | ---- | M] () -- C:\Users\Ally\Desktop\Killer.wav.asd
[2012/03/21 13:22:39 | 041,126,444 | ---- | M] () -- C:\Users\Ally\Desktop\Killer.wav
[2012/03/20 17:54:55 | 005,015,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/17 00:12:43 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/03/17 00:12:43 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/15 15:24:32 | 000,880,414 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/11 21:13:20 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/11 21:13:18 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/11 17:13:20 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ally\Desktop\*.tmp files -> C:\Users\Ally\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 17:55:43 | 000,059,613 | ---- | C] () -- C:\Users\Ally\Desktop\Good Production.wav.asd
[2012/03/25 17:55:09 | 009,676,844 | ---- | C] () -- C:\Users\Ally\Desktop\Good Production.wav
[2012/03/25 01:26:00 | 000,000,000 | -H-- | C] () -- C:\Users\Ally\Documents\Default.rdp
[2012/03/24 05:44:20 | 000,000,512 | ---- | C] () -- C:\Users\Ally\Desktop\MBR.dat
[2012/03/24 04:38:35 | 000,472,064 | ---- | C] ( ) -- C:\Users\Ally\Desktop\RootRepeal.exe
[2012/03/24 04:03:09 | 000,059,995 | ---- | C] () -- C:\Users\Ally\Desktop\Capture.PNG
[2012/03/24 00:23:36 | 000,000,017 | ---- | C] () -- C:\Users\Ally\AppData\Local\resmon.resmoncfg
[2012/03/23 13:10:31 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2012/03/23 00:15:07 | 005,644,844 | ---- | C] () -- C:\Users\Ally\Desktop\RingtoneForMyBaby.wav
[2012/03/23 00:15:07 | 000,035,921 | ---- | C] () -- C:\Users\Ally\Desktop\RingtoneForMyBaby.wav.asd
[2012/03/22 17:09:09 | 000,033,021 | ---- | C] () -- C:\Windows\scunin.dat
[2012/03/22 17:09:09 | 000,000,967 | ---- | C] () -- C:\Windows\ScUnin.pif
[2012/03/22 16:26:34 | 000,002,849 | ---- | C] () -- C:\Users\Ally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/03/22 16:18:37 | 000,001,069 | ---- | C] () -- C:\Users\Ally\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/03/21 13:25:05 | 000,235,627 | ---- | C] () -- C:\Users\Ally\Desktop\Killer.wav.asd
[2012/03/17 18:33:29 | 041,126,444 | ---- | C] () -- C:\Users\Ally\Desktop\Killer.wav
[2012/03/12 17:01:14 | 002,600,164 | ---- | C] () -- C:\Users\Ally\AppData\Local\TempMediaPlay.wav
[2012/02/27 22:28:57 | 334,348,893 | ---- | C] () -- C:\Users\Ally\Desktop\KJSawkaMadBeatz_v8.1.alp
[2012/01/26 19:24:03 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/09/09 22:06:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/11 12:06:23 | 000,880,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/22 21:47:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/01 01:07:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/01 01:07:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/01 01:07:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/01 01:07:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/01 01:07:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/22 10:03:02 | 000,000,072 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/15 22:48:42 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011/05/10 21:41:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/07 08:59:27 | 000,000,124 | ---- | C] () -- C:\Users\Ally\AppData\Local\mv_Photo.xml
[2011/05/07 08:59:27 | 000,000,053 | ---- | C] () -- C:\Users\Ally\AppData\Local\mv_music.xml
[2011/03/24 23:15:30 | 000,021,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\iLokDrvr.sys
[2010/11/08 22:07:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/08 22:07:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/08 22:07:24 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/08 22:07:23 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/08 22:06:19 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/08 22:06:19 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/10/26 16:27:16 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/10/26 13:57:43 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/17 11:00:00 | 002,761,119 | ---- | C] () -- C:\Windows\SysWow64\Melodyne editor.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2010/06/25 15:16:54 | 000,680,440 | ---- | M] (Microsoft Corporation) -- C:\DPInst.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/26 14:11:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/10/26 14:09:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/26 14:11:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/26 14:09:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/10/26 14:11:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/26 14:09:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/26 14:11:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/10/26 14:09:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/10/26 14:11:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/10/26 14:11:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/10/26 14:11:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/10/26 14:11:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:30 AM

Posted 29 March 2012 - 06:03 AM

Hi,

do you still have issues or did ComboFix fix the issue?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 hosnappp

hosnappp
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 29 March 2012 - 01:51 PM

Hi,

do you still have issues or did ComboFix fix the issue?

regards myrti


Very little is different since running ComboFix. This and that is better but it's still infected.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:30 AM

Posted 29 March 2012 - 04:17 PM

Hi,

have you considered that the drive may be bad? I don't know of any malware that could affect Windows and Linux simultaneously, irrespective of whether it is located in BIOS or not.

1. Run Chkdsk
Running chkdsk may take some time to complete. Please be patient and do not use the computer, press any keys, or try to stop the chkdsk scan once it has started.
  • Right-click the Start button and select Explore
  • Navigate to your C: Drive, then right-click the drive and select Properties
  • In the Properties window that pops-up, click the Tools tab and then click on the button that says Check Now
  • If the User Account Control window pops-up asking for permission to run Check Disk, please click on Continue
  • In the Check Disk Options window that pops-up, place a check-mark in both boxes:
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
  • Now click on Start.
  • A new window will pop-up saying, Windows can't check the disk while it's in use, click schedule disk check
  • Now shut-down your computer, not restart, and then turn on your computer.
  • When your computer turns on, you will see a blcak screen with white lettering, this is chkdsk running.
  • Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.
2. Chkdsk Log
  • Click on Start, then Run.
  • Copy and paste the following bold text in to the Open: box:
    • eventvwr.msc /s
  • This will bring up the Event Viewer window
  • In the left panel click on Application
  • The chkdsk log should be the first entry, with a source of Wininit. If it is not the first log:
    • Click on View, and then on Newest First
    • This should place the chkdsk log at the top of the list.
  • Click on the entry once
  • Now right-click on the entry and choose Properties.
  • In the window that pops-up, click on Posted Image (this will copy the log).
  • Paste the log in a Reply to this topic.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:30 AM

Posted 14 April 2012 - 08:52 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users