
Multiple Trojan Sirefef and more


  • This topic is locked
136 replies to this topic

#1 buttafly75


Posted 31 July 2012 - 03:10 PM

Hello. I am experiencing trouble with my HP Windows 7 64-bit laptop. I'm being redirected when I click on a link or have adware pop up. I use Google Chrome and installed an AdBlocker but it doesn't help. Also, I run Spybot and CCleaner each week and SuperAntispyware and Uniblue Registry Booster every day.

When I click on Windows Firewall, I get the following message:
Windows Firewall can't change some of your settings error code 0x80070424

I ran the Fix it tools, but it sent me to a Windows online forum for more help. From there I found out that my Windows Defender and Windows Security Essentials were also not working. I was able to install WSE but I am getting the same error code for Windows Defender.

Windows Security Essentials ran and found some issues and said it needed to restart to clear out the issues. However, during the restart, it tells me that it has encountered a problem and must reboot. Some of the issues WSE found are the following:

Trojan:Win32/Sirefef.AB
Trojan:Win64/Sirefef.F
Adware:Win32/Hotbar
Trojan Downloader:Win32/Obvod.H
Trojan:Win32/Trocur.AH
Trojan:Win64/Sirefef.B
Trojan:Win64/Sirefef.F
Exploit:Java/CVE-2012-0507.D!dr
Exploit:Win/CVE-2010-3333
Adware:Win32/OpenCandy


On the Windows help forum, I read that I am most likely infected with a rootkit virus. I have a folder called system64 C:/WINDOWS/SYSTEM64 and a file called consrv.dll C:/WINDOWS/SYSTEM32/CONSRV.DLL. On another site, they asked for me to run Malwarebytes, OLT, TDSSKiller, and MBRCheck. These programs ran but the WSE popped up and rebooted my computer again, which puts me back to where I started.

I went back to the Windows forum and was redirected to this forum. I tried to follow the Preparation Guide but ran into issues. I was able to run the Defogger, but could not open the DDS. The page opens for the download, but the download does not start.

No matter what I try to do, WSE pops up and tells me that it has found a new issue and needs to restart. However, it always runs into an issue and has to reboot from a restore point. So anything that I am advised to do prior to the restart is deleted during the reboot.

I posted under the Am I infected? What do I do? thread and was asked to run aswMBR. I launched and ran aswMBR. It did fine for almost an hour. However and unfortunately, my whole computer froze up. It wouldn't let me do anything. I was watching the scan and it just stopped. I couldn't save the log file or anything. My computer had to be restarted.

However, my computer had to run the Startup Repair and restore three times. It took almost an hour before I was able to log back in. I want to mention that while trying to back up my computer yesterday, it froze up almost at the end of the backup. I have tried to back up my computer three times, but the backups are never completed. I have a lot of documents on my computer that I don't want to lose.

The startup repair menu only started popping up after I installed the Windows Security Essentials. I wonder if it has anything to do with my computer now freezing up.

I was redirected to post in this thread and to read the guide to posting logs. Once again, I was able to use Defogger and I tried to run the DDS but it will not open.


I have been trying for the last two days to fix this. Could somebody please help me? Your help will be greatly appreciated.



#2 D-FRED-BROWN


Posted 01 August 2012 - 02:20 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
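
An added example, not part of the original post and not code from TDSSKiller or BleepingComputer: a small triage script for the kind of TDSSKiller log requested in Step 1. It assumes the line layout seen in the log posted later in this thread (timestamp, thread id, then either `name (md5) path` or `name - verdict`); the sample lines are taken from that log, and the names `parse_log`, `triage` and `SAMPLE_LOG` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines in the layout of the TDSSKiller log posted in this thread.
# The last object has no verdict line, as happens when a scan or a paste is cut short.
SAMPLE_LOG = r"""
00:55:01.0617 3484 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:55:01.0620 3484 ACPI - ok
00:55:03.0368 3484 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
00:55:03.0368 3484 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
00:55:03.0379 3484 Akamai ( HiddenFile.Multi.Generic ) - warning
00:55:03.0379 3484 Akamai - detected HiddenFile.Multi.Generic (1)
00:55:09.0290 3484 COMSysApp - ok
00:55:16.0618 3484 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
"""

# "HH:MM:SS.mmmm <thread id> <body>"
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s?(.*)$")
# "<name> (<md5>) <path>": the scanned object and the file it resolved to
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok" or "<name> ( <threat> ) - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<threat>\S+) \))? - (?P<verdict>\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    threat: Optional[str] = None


def parse_log(text: str) -> List[Entry]:
    """Pair each object line with its verdict line, keyed by service/driver name."""
    entries = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a log line (blank, or text around a pasted log)
        body = m.group(1).strip()
        obj = OBJECT.match(body)
        if obj:
            entries[obj["name"]] = Entry(obj["name"], obj["md5"].lower(), obj["path"])
            continue
        ver = VERDICT.match(body)
        if ver:
            # A verdict can appear without an object line (no file was hashed).
            entry = entries.setdefault(ver["name"], Entry(ver["name"]))
            entry.verdict = ver["verdict"]
            entry.threat = ver["threat"]
    return list(entries.values())


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (category, name, detail) for everything that is not a plain 'ok'."""
    findings = []
    for e in entries:
        if e.verdict is None:
            findings.append(("incomplete", e.name, "object logged without a verdict"))
        elif e.verdict != "ok":
            detail = f"{e.verdict}: {e.threat or 'unspecified'} ({e.path}, md5 {e.md5})"
            findings.append(("review", e.name, detail))
        elif e.md5 is None:
            findings.append(("info", e.name, "ok, but no file was hashed for this entry"))
    return findings


if __name__ == "__main__":
    for category, name, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"[{category}] {name}: {detail}")
```

A "review" result is only a pointer for the helper reading the log; the instruction above to select Skip rather than Cure or Delete still applies.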

#3 buttafly75


Posted 02 August 2012 - 02:16 AM

Hi D-FRED-BROWN,

Thank you so very much for helping me. Below are the logs you requested.

TDSSKiller:


00:54:56.0558 6464 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:54:56.0939 6464 ============================================================
00:54:56.0939 6464 Current date / time: 2012/08/02 00:54:56.0939
00:54:56.0940 6464 SystemInfo:
00:54:56.0940 6464
00:54:56.0940 6464 OS Version: 6.1.7601 ServicePack: 1.0
00:54:56.0940 6464 Product type: Workstation
00:54:56.0940 6464 ComputerName: BUTTER-PC
00:54:56.0941 6464 UserName: butter
00:54:56.0941 6464 Windows directory: C:\Windows
00:54:56.0941 6464 System windows directory: C:\Windows
00:54:56.0941 6464 Running under WOW64
00:54:56.0941 6464 Processor architecture: Intel x64
00:54:56.0941 6464 Number of processors: 1
00:54:56.0941 6464 Page size: 0x1000
00:54:56.0941 6464 Boot type: Normal boot
00:54:56.0941 6464 ============================================================
00:54:57.0396 6464 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:54:57.0401 6464 ============================================================
00:54:57.0401 6464 \Device\Harddisk0\DR0:
00:54:57.0401 6464 MBR partitions:
00:54:57.0401 6464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:54:57.0401 6464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B6F4800
00:54:57.0401 6464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B758800, BlocksNum 0x1A39000
00:54:57.0401 6464 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
00:54:57.0401 6464 ============================================================
00:54:57.0447 6464 C: <-> \Device\Harddisk0\DR0\Partition1
00:54:57.0499 6464 D: <-> \Device\Harddisk0\DR0\Partition2
00:54:57.0500 6464 ============================================================
00:54:57.0500 6464 Initialize success
00:54:57.0500 6464 ============================================================
00:55:01.0010 3484 ============================================================
00:55:01.0010 3484 Scan started
00:55:01.0010 3484 Mode: Manual;
00:55:01.0010 3484 ============================================================
00:55:01.0312 3484 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:55:01.0314 3484 !SASCORE - ok
00:55:01.0557 3484 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:55:01.0559 3484 1394ohci - ok
00:55:01.0617 3484 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:55:01.0620 3484 ACPI - ok
00:55:01.0664 3484 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:55:01.0665 3484 AcpiPmi - ok
00:55:01.0854 3484 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:55:01.0856 3484 AdobeARMservice - ok
00:55:02.0044 3484 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:55:02.0045 3484 AdobeFlashPlayerUpdateSvc - ok
00:55:02.0136 3484 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:55:02.0140 3484 adp94xx - ok
00:55:02.0206 3484 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:55:02.0208 3484 adpahci - ok
00:55:02.0245 3484 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:55:02.0247 3484 adpu320 - ok
00:55:02.0310 3484 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:55:02.0311 3484 AeLookupSvc - ok
00:55:02.0485 3484 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
00:55:02.0487 3484 AESTFilters - ok
00:55:02.0623 3484 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:55:02.0627 3484 AFD - ok
00:55:02.0724 3484 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
00:55:02.0725 3484 AgereModemAudio - ok
00:55:02.0844 3484 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
00:55:02.0853 3484 AgereSoftModem - ok
00:55:02.0926 3484 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:55:02.0927 3484 agp440 - ok
00:55:03.0368 3484 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
00:55:03.0368 3484 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
00:55:03.0379 3484 Akamai ( HiddenFile.Multi.Generic ) - warning
00:55:03.0379 3484 Akamai - detected HiddenFile.Multi.Generic (1)
00:55:03.0546 3484 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:55:03.0561 3484 ALG - ok
00:55:03.0662 3484 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:55:03.0663 3484 aliide - ok
00:55:03.0747 3484 AMD External Events Utility (d0d8877969011d1b0ed9c3c55a9a9108) C:\Windows\system32\atiesrxx.exe
00:55:03.0749 3484 AMD External Events Utility - ok
00:55:03.0795 3484 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:55:03.0795 3484 amdide - ok
00:55:03.0836 3484 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:55:03.0837 3484 AmdK8 - ok
00:55:03.0873 3484 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:55:03.0874 3484 AmdPPM - ok
00:55:03.0931 3484 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:55:03.0932 3484 amdsata - ok
00:55:03.0993 3484 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:55:03.0995 3484 amdsbs - ok
00:55:04.0037 3484 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:55:04.0038 3484 amdxata - ok
00:55:04.0128 3484 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
00:55:04.0128 3484 AppHostSvc - ok
00:55:04.0210 3484 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:55:04.0212 3484 AppID - ok
00:55:04.0283 3484 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:55:04.0284 3484 AppIDSvc - ok
00:55:04.0308 3484 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:55:04.0309 3484 Appinfo - ok
00:55:04.0475 3484 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:55:04.0478 3484 Apple Mobile Device - ok
00:55:04.0583 3484 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:55:04.0585 3484 arc - ok
00:55:04.0639 3484 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:55:04.0640 3484 arcsas - ok
00:55:04.0754 3484 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:55:04.0755 3484 AsyncMac - ok
00:55:04.0808 3484 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:55:04.0808 3484 atapi - ok
00:55:04.0969 3484 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
00:55:04.0979 3484 athr - ok
00:55:05.0179 3484 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
00:55:05.0180 3484 AtiHdmiService - ok
00:55:05.0719 3484 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
00:55:05.0764 3484 atikmdag - ok
00:55:05.0978 3484 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
00:55:05.0979 3484 AtiPcie - ok
00:55:06.0134 3484 ATTRcAppSvc (e7042e9472a76d88af993702a2fbe2b1) C:\Program Files (x86)\AT&T\Connection Software\RcAppSvc.exe
00:55:06.0136 3484 ATTRcAppSvc - ok
00:55:06.0265 3484 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:55:06.0270 3484 AudioEndpointBuilder - ok
00:55:06.0283 3484 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:55:06.0287 3484 AudioSrv - ok
00:55:06.0341 3484 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:55:06.0342 3484 AxInstSV - ok
00:55:06.0418 3484 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:55:06.0422 3484 b06bdrv - ok
00:55:06.0477 3484 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:55:06.0480 3484 b57nd60a - ok
00:55:06.0633 3484 BBSvc (dbf43db0c648db9101d61041e00df5c4) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
00:55:06.0636 3484 BBSvc - ok
00:55:06.0684 3484 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:55:06.0685 3484 BDESVC - ok
00:55:06.0702 3484 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:55:06.0703 3484 Beep - ok
00:55:06.0796 3484 BingDesktopUpdate (1b63f2b7ca6b5290cc124cdd07520bc9) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
00:55:06.0799 3484 BingDesktopUpdate - ok
00:55:06.0910 3484 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:55:06.0926 3484 BITS - ok
00:55:06.0976 3484 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:55:06.0976 3484 blbdrive - ok
00:55:07.0141 3484 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:55:07.0149 3484 Bonjour Service - ok
00:55:07.0218 3484 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:55:07.0219 3484 bowser - ok
00:55:07.0254 3484 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:55:07.0254 3484 BrFiltLo - ok
00:55:07.0265 3484 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:55:07.0266 3484 BrFiltUp - ok
00:55:07.0319 3484 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:55:07.0320 3484 Browser - ok
00:55:07.0363 3484 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:55:07.0365 3484 Brserid - ok
00:55:07.0387 3484 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:55:07.0388 3484 BrSerWdm - ok
00:55:07.0404 3484 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:55:07.0404 3484 BrUsbMdm - ok
00:55:07.0416 3484 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:55:07.0416 3484 BrUsbSer - ok
00:55:07.0446 3484 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:55:07.0447 3484 BTHMODEM - ok
00:55:07.0494 3484 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:55:07.0495 3484 bthserv - ok
00:55:07.0654 3484 CAATT (8795d4334610a40921d88b28a5a389f7) C:\Program Files (x86)\AT&T\Connection Software\ConAppsSvc.exe
00:55:07.0656 3484 CAATT - ok
00:55:07.0724 3484 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:55:07.0725 3484 cdfs - ok
00:55:07.0801 3484 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:55:07.0803 3484 cdrom - ok
00:55:07.0883 3484 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:55:07.0884 3484 CertPropSvc - ok
00:55:07.0920 3484 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:55:07.0921 3484 circlass - ok
00:55:08.0245 3484 Cisco Media Server (4dfc0980f551e99ee06480ce928fc3c1) C:\Program Files (x86)\Cisco Media Center\AVMediaServer.exe
00:55:08.0267 3484 Cisco Media Server - ok
00:55:08.0437 3484 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:55:08.0444 3484 CLFS - ok
00:55:08.0547 3484 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:55:08.0551 3484 clr_optimization_v2.0.50727_32 - ok
00:55:08.0622 3484 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:55:08.0623 3484 clr_optimization_v2.0.50727_64 - ok
00:55:08.0733 3484 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:55:08.0734 3484 clr_optimization_v4.0.30319_32 - ok
00:55:08.0792 3484 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:55:08.0794 3484 clr_optimization_v4.0.30319_64 - ok
00:55:08.0876 3484 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:55:08.0877 3484 CmBatt - ok
00:55:08.0922 3484 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:55:08.0923 3484 cmdide - ok
00:55:09.0000 3484 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
00:55:09.0004 3484 CNG - ok
00:55:09.0149 3484 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
00:55:09.0196 3484 Com4QLBEx - ok
00:55:09.0213 3484 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:55:09.0214 3484 Compbatt - ok
00:55:09.0271 3484 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:55:09.0271 3484 CompositeBus - ok
00:55:09.0290 3484 COMSysApp - ok
00:55:09.0315 3484 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:55:09.0315 3484 crcdisk - ok
00:55:09.0387 3484 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
00:55:09.0388 3484 CryptSvc - ok
00:55:09.0466 3484 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:55:09.0472 3484 DcomLaunch - ok
00:55:09.0531 3484 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:55:09.0533 3484 defragsvc - ok
00:55:09.0626 3484 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:55:09.0627 3484 DfsC - ok
00:55:09.0700 3484 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:55:09.0703 3484 Dhcp - ok
00:55:09.0737 3484 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:55:09.0738 3484 discache - ok
00:55:09.0808 3484 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:55:09.0810 3484 Disk - ok
00:55:09.0898 3484 DLABMFSE (17e6a205960c775a6f2bed1dd9e56214) C:\Windows\system32\DLA\DLABMFSE.SYS
00:55:09.0899 3484 DLABMFSE - ok
00:55:09.0945 3484 DLABOIOE (92e787b6af9b75a39c99d0a31c05b857) C:\Windows\system32\DLA\DLABOIOE.SYS
00:55:09.0946 3484 DLABOIOE - ok
00:55:09.0984 3484 DLACDBHE (b345278ecd8ed4b8d33684cdbf396436) C:\Windows\system32\Drivers\DLACDBHE.SYS
00:55:09.0985 3484 DLACDBHE - ok
00:55:09.0999 3484 DLADResE (b207bcf0307b191a5068a003c520283a) C:\Windows\system32\DLA\DLADResE.SYS
00:55:09.0999 3484 DLADResE - ok
00:55:10.0023 3484 DLAIFS_E (9448aad0502e570de2275b5f2927c314) C:\Windows\system32\DLA\DLAIFS_E.SYS
00:55:10.0024 3484 DLAIFS_E - ok
00:55:10.0050 3484 DLAOPIOE (02923de961a916675059d44a32ed7a90) C:\Windows\system32\DLA\DLAOPIOE.SYS
00:55:10.0051 3484 DLAOPIOE - ok
00:55:10.0073 3484 DLAPoolE (9c82599cc61e3a467cb5bbe66c111e3a) C:\Windows\system32\DLA\DLAPoolE.SYS
00:55:10.0073 3484 DLAPoolE - ok
00:55:10.0113 3484 DLARTL_E (f24ae7967965cc29fb709191401ab8b7) C:\Windows\system32\Drivers\DLARTL_E.SYS
00:55:10.0114 3484 DLARTL_E - ok
00:55:10.0147 3484 DLAUDFAE (e8fed969b01cacec08ffe88914d992d4) C:\Windows\system32\DLA\DLAUDFAE.SYS
00:55:10.0148 3484 DLAUDFAE - ok
00:55:10.0176 3484 DLAUDF_E (e5a481115ccc2506d5b425e913170df1) C:\Windows\system32\DLA\DLAUDF_E.SYS
00:55:10.0177 3484 DLAUDF_E - ok
00:55:10.0289 3484 dldwCATSCustConnectService (09fd3b1e2bc77067db822068e010a5a1) C:\Windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe
00:55:10.0294 3484 dldwCATSCustConnectService - ok
00:55:10.0317 3484 dldw_device - ok
00:55:10.0373 3484 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:55:10.0375 3484 Dnscache - ok
00:55:10.0447 3484 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:55:10.0453 3484 dot3svc - ok
00:55:10.0493 3484 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:55:10.0495 3484 DPS - ok
00:55:10.0536 3484 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:55:10.0536 3484 drmkaud - ok
00:55:10.0590 3484 DRVECDB (5e049ca729a0e763c73de4de39ff83e0) C:\Windows\system32\Drivers\DRVECDB.SYS
00:55:10.0592 3484 DRVECDB - ok
00:55:10.0634 3484 DRVEDDM (67e67b1a6f4f42d737962f8e0860b6c2) C:\Windows\system32\Drivers\DRVEDDM.SYS
00:55:10.0635 3484 DRVEDDM - ok
00:55:10.0768 3484 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:55:10.0774 3484 DXGKrnl - ok
00:55:10.0832 3484 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:55:10.0834 3484 EapHost - ok
00:55:11.0104 3484 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:55:11.0126 3484 ebdrv - ok
00:55:11.0275 3484 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:55:11.0278 3484 EFS - ok
00:55:11.0446 3484 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:55:11.0457 3484 ehRecvr - ok
00:55:11.0506 3484 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:55:11.0507 3484 ehSched - ok
00:55:11.0617 3484 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:55:11.0621 3484 elxstor - ok
00:55:11.0670 3484 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:55:11.0671 3484 ErrDev - ok
00:55:11.0749 3484 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:55:11.0753 3484 EventSystem - ok
00:55:11.0797 3484 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:55:11.0799 3484 exfat - ok
00:55:11.0839 3484 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:55:11.0841 3484 fastfat - ok
00:55:11.0942 3484 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:55:11.0948 3484 Fax - ok
00:55:11.0976 3484 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:55:11.0976 3484 fdc - ok
00:55:12.0003 3484 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:55:12.0004 3484 fdPHost - ok
00:55:12.0038 3484 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:55:12.0039 3484 FDResPub - ok
00:55:12.0062 3484 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:55:12.0063 3484 FileInfo - ok
00:55:12.0079 3484 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:55:12.0080 3484 Filetrace - ok
00:55:12.0108 3484 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:55:12.0108 3484 flpydisk - ok
00:55:12.0179 3484 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:55:12.0181 3484 FltMgr - ok
00:55:12.0309 3484 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:55:12.0318 3484 FontCache - ok
00:55:12.0449 3484 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:55:12.0450 3484 FontCache3.0.0.0 - ok
00:55:12.0521 3484 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:55:12.0521 3484 FsDepends - ok
00:55:12.0561 3484 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:55:12.0562 3484 Fs_Rec - ok
00:55:12.0641 3484 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:55:12.0643 3484 fvevol - ok
00:55:12.0692 3484 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:55:12.0693 3484 gagp30kx - ok
00:55:12.0831 3484 GameConsoleService (1fda0df739234c4023851a282dd28704) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
00:55:12.0833 3484 GameConsoleService - ok
00:55:12.0880 3484 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:55:12.0881 3484 GEARAspiWDM - ok
00:55:12.0976 3484 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:55:12.0982 3484 gpsvc - ok
00:55:13.0155 3484 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:55:13.0158 3484 gupdate - ok
00:55:13.0194 3484 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:55:13.0195 3484 gupdatem - ok
00:55:13.0274 3484 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:55:13.0275 3484 gusvc - ok
00:55:13.0297 3484 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:55:13.0298 3484 hcw85cir - ok
00:55:13.0410 3484 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:55:13.0416 3484 HdAudAddService - ok
00:55:13.0464 3484 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:55:13.0466 3484 HDAudBus - ok
00:55:13.0478 3484 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:55:13.0478 3484 HidBatt - ok
00:55:13.0510 3484 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:55:13.0511 3484 HidBth - ok
00:55:13.0531 3484 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:55:13.0531 3484 HidIr - ok
00:55:13.0573 3484 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
00:55:13.0575 3484 hidserv - ok
00:55:13.0614 3484 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:55:13.0615 3484 HidUsb - ok
00:55:13.0660 3484 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:55:13.0661 3484 hkmsvc - ok
00:55:13.0710 3484 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:55:13.0712 3484 HomeGroupListener - ok
00:55:13.0786 3484 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:55:13.0789 3484 HomeGroupProvider - ok
00:55:13.0975 3484 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:55:13.0976 3484 HP Support Assistant Service - ok
00:55:14.0043 3484 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
00:55:14.0044 3484 HPDrvMntSvc.exe - ok
00:55:14.0078 3484 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:55:14.0078 3484 HpqKbFiltr - ok
00:55:14.0182 3484 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
00:55:14.0187 3484 hpqwmiex - ok
00:55:14.0261 3484 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:55:14.0262 3484 HpSAMD - ok
00:55:14.0326 3484 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
00:55:14.0326 3484 HTCAND64 - ok
00:55:14.0411 3484 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
00:55:14.0413 3484 htcnprot - ok
00:55:14.0550 3484 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:55:14.0555 3484 HTTP - ok
00:55:14.0597 3484 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:55:14.0597 3484 hwpolicy - ok
00:55:14.0695 3484 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:55:14.0697 3484 i8042prt - ok
00:55:14.0778 3484 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:55:14.0781 3484 iaStorV - ok
00:55:14.0950 3484 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:55:14.0952 3484 IDriverT - ok
00:55:15.0166 3484 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:55:15.0172 3484 idsvc - ok
00:55:15.0723 3484 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:55:15.0768 3484 igfx - ok
00:55:15.0959 3484 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:55:15.0960 3484 iirsp - ok
00:55:16.0098 3484 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:55:16.0115 3484 IKEEXT - ok
00:55:16.0172 3484 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:55:16.0173 3484 intelide - ok
00:55:16.0231 3484 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:55:16.0232 3484 intelppm - ok
00:55:16.0272 3484 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:55:16.0273 3484 IPBusEnum - ok
00:55:16.0321 3484 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:55:16.0322 3484 IpFilterDriver - ok
00:55:16.0370 3484 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:55:16.0371 3484 IPMIDRV - ok
00:55:16.0415 3484 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:55:16.0416 3484 IPNAT - ok
00:55:16.0568 3484 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
00:55:16.0574 3484 iPod Service - ok
00:55:16.0618 3484 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:55:16.0619 3484 IRENUM - ok
00:55:16.0666 3484 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:55:16.0666 3484 isapnp - ok
00:55:16.0731 3484 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:55:16.0733 3484 iScsiPrt - ok
00:55:16.0764 3484 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:55:16.0765 3484 kbdclass - ok
00:55:16.0829 3484 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:55:16.0831 3484 kbdhid - ok
00:55:16.0886 3484 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:55:16.0887 3484 KeyIso - ok
00:55:16.0973 3484 kiyfwcdq (fa1dabdba6721f4fe345413b3a189ead) C:\Windows\system32\drivers\kiyfwcdq.sys
00:55:16.0975 3484 kiyfwcdq - ok
00:55:17.0119 3484 KodakSvc (1645cb4b82c2058b7790129b03869da3) C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe
00:55:17.0121 3484 KodakSvc - ok
00:55:17.0177 3484 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
00:55:17.0178 3484 KSecDD - ok
00:55:17.0228 3484 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
00:55:17.0229 3484 KSecPkg - ok
00:55:17.0279 3484 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:55:17.0280 3484 ksthunk - ok
00:55:17.0353 3484 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:55:17.0357 3484 KtmRm - ok
00:55:17.0428 3484 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
00:55:17.0437 3484 LanmanServer - ok
00:55:17.0495 3484 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:55:17.0499 3484 LanmanWorkstation - ok
00:55:17.0605 3484 LightScribeService (07b1888209c54b675ffccbde9f06d2c6) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:55:17.0607 3484 LightScribeService - ok
00:55:17.0712 3484 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
00:55:17.0714 3484 LinksysUpdater - ok
00:55:17.0759 3484 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:55:17.0760 3484 lltdio - ok
00:55:17.0809 3484 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:55:17.0812 3484 lltdsvc - ok
00:55:17.0830 3484 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:55:17.0831 3484 lmhosts - ok
00:55:17.0880 3484 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:55:17.0881 3484 LSI_FC - ok
00:55:17.0924 3484 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:55:17.0925 3484 LSI_SAS - ok
00:55:17.0951 3484 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:55:17.0952 3484 LSI_SAS2 - ok
00:55:17.0993 3484 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:55:17.0994 3484 LSI_SCSI - ok
00:55:18.0044 3484 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:55:18.0051 3484 luafv - ok
00:55:18.0182 3484 McAfee SiteAdvisor Service (b891e3920f24ff1a3bead6cd2b42ed99) c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
00:55:18.0183 3484 McAfee SiteAdvisor Service - ok
00:55:18.0318 3484 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
00:55:18.0325 3484 McciCMService - ok
00:55:18.0473 3484 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
00:55:18.0477 3484 McciCMService64 - ok
00:55:18.0615 3484 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
00:55:18.0620 3484 McComponentHostService - ok
00:55:18.0789 3484 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:55:18.0791 3484 Mcx2Svc - ok
00:55:18.0948 3484 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
00:55:18.0954 3484 MDM - ok
00:55:19.0022 3484 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:55:19.0022 3484 megasas - ok
00:55:19.0065 3484 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:55:19.0074 3484 MegaSR - ok
00:55:19.0112 3484 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:55:19.0114 3484 MMCSS - ok
00:55:19.0152 3484 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:55:19.0153 3484 Modem - ok
00:55:19.0203 3484 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:55:19.0204 3484 monitor - ok
00:55:19.0262 3484 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:55:19.0263 3484 mouclass - ok
00:55:19.0318 3484 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:55:19.0319 3484 mouhid - ok
00:55:19.0368 3484 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:55:19.0370 3484 mountmgr - ok
00:55:19.0423 3484 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:55:19.0424 3484 mpio - ok
00:55:19.0453 3484 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:55:19.0454 3484 mpsdrv - ok
00:55:19.0541 3484 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
00:55:19.0543 3484 MREMP50 - ok
00:55:19.0578 3484 MREMP50a64 - ok
00:55:19.0631 3484 MREMPR5 - ok
00:55:19.0649 3484 MRENDIS5 - ok
00:55:19.0691 3484 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
00:55:19.0691 3484 MRESP50 - ok
00:55:19.0700 3484 MRESP50a64 - ok
00:55:19.0751 3484 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:55:19.0752 3484 MRxDAV - ok
00:55:19.0809 3484 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:55:19.0811 3484 mrxsmb - ok
00:55:19.0876 3484 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:55:19.0878 3484 mrxsmb10 - ok
00:55:19.0902 3484 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:55:19.0904 3484 mrxsmb20 - ok
00:55:19.0947 3484 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:55:19.0948 3484 msahci - ok
00:55:19.0980 3484 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:55:19.0981 3484 msdsm - ok
00:55:20.0039 3484 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:55:20.0042 3484 MSDTC - ok
00:55:20.0095 3484 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:55:20.0096 3484 Msfs - ok
00:55:20.0134 3484 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:55:20.0135 3484 mshidkmdf - ok
00:55:20.0174 3484 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:55:20.0174 3484 msisadrv - ok
00:55:20.0221 3484 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:55:20.0223 3484 MSiSCSI - ok
00:55:20.0233 3484 msiserver - ok
00:55:20.0257 3484 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:55:20.0258 3484 MSKSSRV - ok
00:55:20.0278 3484 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:55:20.0278 3484 MSPCLOCK - ok
00:55:20.0292 3484 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:55:20.0293 3484 MSPQM - ok
00:55:20.0366 3484 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:55:20.0368 3484 MsRPC - ok
00:55:20.0417 3484 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:55:20.0418 3484 mssmbios - ok
00:55:20.0436 3484 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:55:20.0437 3484 MSTEE - ok
00:55:20.0472 3484 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:55:20.0473 3484 MTConfig - ok
00:55:20.0509 3484 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:55:20.0510 3484 Mup - ok
00:55:20.0589 3484 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:55:20.0594 3484 napagent - ok
00:55:20.0660 3484 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:55:20.0663 3484 NativeWifiP - ok
00:55:20.0770 3484 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:55:20.0777 3484 NDIS - ok
00:55:20.0808 3484 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:55:20.0809 3484 NdisCap - ok
00:55:20.0846 3484 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:55:20.0846 3484 NdisTapi - ok
00:55:20.0885 3484 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:55:20.0886 3484 Ndisuio - ok
00:55:20.0936 3484 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:55:20.0937 3484 NdisWan - ok
00:55:20.0992 3484 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:55:20.0993 3484 NDProxy - ok
00:55:21.0017 3484 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:55:21.0017 3484 NetBIOS - ok
00:55:21.0088 3484 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:55:21.0090 3484 NetBT - ok
00:55:21.0144 3484 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:55:21.0145 3484 Netlogon - ok
00:55:21.0222 3484 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:55:21.0226 3484 Netman - ok
00:55:21.0358 3484 NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:55:21.0360 3484 NetMsmqActivator - ok
00:55:21.0387 3484 NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:55:21.0388 3484 NetPipeActivator - ok
00:55:21.0422 3484 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:55:21.0432 3484 netprofm - ok
00:55:21.0442 3484 NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:55:21.0442 3484 NetTcpActivator - ok
00:55:21.0452 3484 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:55:21.0452 3484 NetTcpPortSharing - ok
00:55:21.0902 3484 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:55:21.0942 3484 netw5v64 - ok
00:55:22.0122 3484 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:55:22.0132 3484 nfrd960 - ok
00:55:22.0222 3484 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:55:22.0232 3484 NlaSvc - ok
00:55:22.0412 3484 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
00:55:22.0412 3484 nmservice - ok
00:55:22.0452 3484 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:55:22.0452 3484 Npfs - ok
00:55:22.0482 3484 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:55:22.0482 3484 nsi - ok
00:55:22.0502 3484 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:55:22.0502 3484 nsiproxy - ok
00:55:22.0662 3484 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:55:22.0682 3484 Ntfs - ok
00:55:22.0842 3484 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:55:22.0842 3484 Null - ok
00:55:22.0922 3484 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:55:22.0922 3484 nvraid - ok
00:55:22.0982 3484 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:55:22.0982 3484 nvstor - ok
00:55:23.0042 3484 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:55:23.0042 3484 nv_agp - ok
00:55:23.0192 3484 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:55:23.0192 3484 odserv - ok
00:55:23.0242 3484 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:55:23.0252 3484 ohci1394 - ok
00:55:23.0302 3484 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:55:23.0302 3484 ose - ok
00:55:23.0362 3484 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:55:23.0362 3484 p2pimsvc - ok
00:55:23.0422 3484 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:55:23.0432 3484 p2psvc - ok
00:55:23.0462 3484 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:55:23.0462 3484 Parport - ok
00:55:23.0512 3484 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:55:23.0512 3484 partmgr - ok
00:55:23.0632 3484 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
00:55:23.0642 3484 PassThru Service - ok
00:55:23.0682 3484 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:55:23.0692 3484 PcaSvc - ok
00:55:23.0752 3484 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:55:23.0752 3484 pci - ok
00:55:23.0772 3484 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:55:23.0772 3484 pciide - ok
00:55:23.0822 3484 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:55:23.0822 3484 pcmcia - ok
00:55:23.0892 3484 PCTINDIS5X64 (d0b8d8bee62da6dda0019bc266838f48) C:\Windows\system32\PCTINDIS5X64.SYS
00:55:23.0892 3484 PCTINDIS5X64 - ok
00:55:23.0932 3484 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:55:23.0932 3484 pcw - ok
00:55:23.0992 3484 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:55:24.0002 3484 PEAUTH - ok
00:55:24.0092 3484 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:55:24.0092 3484 PerfHost - ok
00:55:24.0272 3484 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:55:24.0282 3484 pla - ok
00:55:24.0362 3484 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:55:24.0362 3484 PlugPlay - ok
00:55:24.0462 3484 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
00:55:24.0462 3484 pnarp - ok
00:55:24.0502 3484 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:55:24.0512 3484 PNRPAutoReg - ok
00:55:24.0552 3484 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:55:24.0552 3484 PNRPsvc - ok
00:55:24.0622 3484 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:55:24.0622 3484 PolicyAgent - ok
00:55:24.0672 3484 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:55:24.0672 3484 Power - ok
00:55:24.0742 3484 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:55:24.0742 3484 PptpMiniport - ok
00:55:24.0772 3484 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:55:24.0772 3484 Processor - ok
00:55:24.0832 3484 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:55:24.0832 3484 ProfSvc - ok
00:55:24.0882 3484 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:55:24.0892 3484 ProtectedStorage - ok
00:55:24.0962 3484 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:55:24.0962 3484 Psched - ok
00:55:25.0062 3484 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
00:55:25.0062 3484 purendis - ok
00:55:25.0112 3484 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
00:55:25.0122 3484 PxHlpa64 - ok
00:55:25.0252 3484 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:55:25.0262 3484 ql2300 - ok
00:55:25.0394 3484 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:55:25.0404 3484 ql40xx - ok
00:55:25.0454 3484 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:55:25.0464 3484 QWAVE - ok
00:55:25.0504 3484 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:55:25.0504 3484 QWAVEdrv - ok
00:55:25.0534 3484 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:55:25.0534 3484 RasAcd - ok
00:55:25.0564 3484 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:55:25.0574 3484 RasAgileVpn - ok
00:55:25.0604 3484 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:55:25.0604 3484 RasAuto - ok
00:55:25.0654 3484 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:55:25.0664 3484 Rasl2tp - ok
00:55:25.0724 3484 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:55:25.0724 3484 RasMan - ok
00:55:25.0754 3484 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:55:25.0754 3484 RasPppoe - ok
00:55:25.0774 3484 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:55:25.0774 3484 RasSstp - ok
00:55:25.0834 3484 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
00:55:25.0834 3484 rcmirror - ok
00:55:25.0894 3484 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:55:25.0904 3484 rdbss - ok
00:55:25.0924 3484 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:55:25.0924 3484 rdpbus - ok
00:55:25.0954 3484 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:55:25.0954 3484 RDPCDD - ok
00:55:26.0004 3484 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:55:26.0004 3484 RDPENCDD - ok
00:55:26.0044 3484 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:55:26.0044 3484 RDPREFMP - ok
00:55:26.0104 3484 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:55:26.0104 3484 RDPWD - ok
00:55:26.0184 3484 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:55:26.0194 3484 rdyboost - ok
00:55:26.0234 3484 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:55:26.0234 3484 RemoteAccess - ok
00:55:26.0284 3484 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:55:26.0284 3484 RemoteRegistry - ok
00:55:26.0454 3484 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
00:55:26.0454 3484 RichVideo - ok
00:55:26.0514 3484 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
00:55:26.0514 3484 RimUsb - ok
00:55:26.0654 3484 Roxio UPnP Renderer 9 (8f164a783ceed480b8cb1e4054e22e82) C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
00:55:26.0654 3484 Roxio UPnP Renderer 9 - ok
00:55:26.0694 3484 Roxio Upnp Server 9 (6cbf7f7c696927e45fd6439a76072aee) C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
00:55:26.0704 3484 Roxio Upnp Server 9 - ok
00:55:26.0814 3484 RoxMediaDB9 (f112231f8311ffac952b708c2f1200bf) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
00:55:26.0814 3484 RoxMediaDB9 - ok
00:55:26.0954 3484 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:55:26.0964 3484 RpcEptMapper - ok
00:55:27.0004 3484 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:55:27.0004 3484 RpcLocator - ok
00:55:27.0074 3484 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:55:27.0084 3484 RpcSs - ok
00:55:27.0154 3484 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:55:27.0154 3484 rspndr - ok
00:55:27.0244 3484 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
00:55:27.0244 3484 RSUSBSTOR - ok
00:55:27.0304 3484 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:55:27.0314 3484 RTL8167 - ok
00:55:27.0334 3484 RtsUIR - ok
00:55:27.0394 3484 RxFilter (2dddd6e3fadee0d89365bfb90b1beeb9) C:\Windows\system32\DRIVERS\RxFilter.sys
00:55:27.0394 3484 RxFilter - ok
00:55:27.0454 3484 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:55:27.0454 3484 SamSs - ok
00:55:27.0604 3484 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:55:27.0604 3484 SASDIFSV - ok
00:55:27.0664 3484 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:55:27.0664 3484 SASKUTIL - ok
00:55:27.0724 3484 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:55:27.0734 3484 sbp2port - ok
00:55:27.0794 3484 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:55:27.0804 3484 SCardSvr - ok
00:55:27.0844 3484 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:55:27.0844 3484 scfilter - ok
00:55:27.0994 3484 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:55:28.0034 3484 Schedule - ok
00:55:28.0094 3484 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:55:28.0094 3484 SCPolicySvc - ok
00:55:28.0154 3484 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
00:55:28.0154 3484 sdbus - ok
00:55:28.0194 3484 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:55:28.0194 3484 SDRSVC - ok
00:55:28.0344 3484 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
00:55:28.0344 3484 SeaPort - ok
00:55:28.0384 3484 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:55:28.0394 3484 secdrv - ok
00:55:28.0434 3484 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:55:28.0434 3484 seclogon - ok
00:55:28.0464 3484 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:55:28.0464 3484 SENS - ok
00:55:28.0514 3484 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:55:28.0514 3484 SensrSvc - ok
00:55:28.0534 3484 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:55:28.0544 3484 Serenum - ok
00:55:28.0564 3484 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:55:28.0564 3484 Serial - ok
00:55:28.0604 3484 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:55:28.0614 3484 sermouse - ok
00:55:28.0674 3484 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:55:28.0684 3484 SessionEnv - ok
00:55:28.0724 3484 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:55:28.0724 3484 sffdisk - ok
00:55:28.0744 3484 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:55:28.0744 3484 sffp_mmc - ok
00:55:28.0754 3484 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:55:28.0764 3484 sffp_sd - ok
00:55:28.0784 3484 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:55:28.0784 3484 sfloppy - ok
00:55:28.0834 3484 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:55:28.0834 3484 SharedAccess - ok
00:55:28.0914 3484 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:55:28.0914 3484 ShellHWDetection - ok
00:55:28.0964 3484 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:55:28.0964 3484 SiSRaid2 - ok
00:55:28.0994 3484 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:55:28.0994 3484 SiSRaid4 - ok
00:55:29.0094 3484 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:55:29.0094 3484 SkypeUpdate - ok
00:55:29.0124 3484 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:55:29.0124 3484 Smb - ok
00:55:29.0204 3484 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:55:29.0204 3484 SNMPTRAP - ok
00:55:29.0224 3484 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:55:29.0224 3484 spldr - ok
00:55:29.0304 3484 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:55:29.0314 3484 Spooler - ok
00:55:29.0595 3484 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:55:29.0625 3484 sppsvc - ok
00:55:29.0785 3484 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:55:29.0795 3484 sppuinotify - ok
00:55:29.0925 3484 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:55:29.0935 3484 srv - ok
00:55:29.0985 3484 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:55:29.0985 3484 srv2 - ok
00:55:30.0045 3484 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:55:30.0055 3484 SrvHsfHDA - ok
00:55:30.0205 3484 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:55:30.0215 3484 SrvHsfV92 - ok
00:55:30.0435 3484 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:55:30.0455 3484 SrvHsfWinac - ok
00:55:30.0515 3484 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:55:30.0515 3484 srvnet - ok
00:55:30.0555 3484 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:55:30.0555 3484 SSDPSRV - ok
00:55:30.0575 3484 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:55:30.0585 3484 SstpSvc - ok
00:55:30.0725 3484 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
00:55:30.0735 3484 STacSV - ok
00:55:30.0775 3484 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:55:30.0775 3484 stexstor - ok
00:55:30.0845 3484 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
00:55:30.0855 3484 STHDA - ok
00:55:30.0935 3484 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:55:30.0945 3484 stisvc - ok
00:55:31.0055 3484 stllssvr (4173a9cd59f15a64f54b3242c3232731) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
00:55:31.0055 3484 stllssvr - ok
00:55:31.0115 3484 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:55:31.0115 3484 swenum - ok
00:55:31.0265 3484 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:55:31.0265 3484 SwitchBoard - ok
00:55:31.0315 3484 swmsflt (1c4ebd3e6cce53586d58473524d54e50) C:\Windows\System32\drivers\swmsflt.sys
00:55:31.0325 3484 swmsflt - ok
00:55:39.0332 3484 ============================================================
00:55:39.0332 3484 Scan finished
00:55:39.0332 3484 ============================================================
00:55:39.0342 0912 Detected object count: 1
00:55:39.0342 0912 Actual detected object count: 1
00:56:00.0298 0912 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:56:00.0298 0912 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
01:03:54.0542 6484 Deinitialize success


ComboFix

ComboFix 12-07-31.03 - butter 08/02/2012 1:31.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.896 [GMT -4:00]
Running from: c:\users\butter\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro AntiVirus *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealScout
c:\program files (x86)\DealScout\deALscout.dll
c:\program files (x86)\DealScout\installer.ico
c:\program files (x86)\DealScout\uninstall.exe
c:\users\butter\AppData\Local\ATI\ATIUpdate\ATIupdt32.dll
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\{edb6ee7a-a353-4082-a056-e12e01ff6547}
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\{edb6ee7a-a353-4082-a056-e12e01ff6547}\chrome.manifest
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\{edb6ee7a-a353-4082-a056-e12e01ff6547}\chrome\xulcache.jar
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\{edb6ee7a-a353-4082-a056-e12e01ff6547}\defaults\preferences\xulcache.js
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\{edb6ee7a-a353-4082-a056-e12e01ff6547}\install.rdf
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\install.rdf
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css
c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\crossriderapp3491@crossrider.com\skin\update.css
c:\users\butter\Documents\~WRL0003.tmp
c:\windows\System64
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 05:43 . 2012-08-02 05:43 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-02 05:43 . 2012-08-02 05:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 19:01 . 2012-07-31 19:01 -------- d-----w- c:\program files (x86)\Runtime Software
2012-07-31 00:03 . 2012-07-31 07:20 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-07-30 16:31 . 2012-07-30 16:32 -------- dc----w- c:\users\butter\AppData\Local\MigWiz
2012-07-29 22:40 . 2012-07-29 22:40 -------- d-----w- c:\users\butter\AppData\Roaming\SpeedyPC Software
2012-07-29 22:40 . 2012-07-29 22:40 -------- d-----w- c:\users\butter\AppData\Roaming\DriverCure
2012-07-29 22:19 . 2012-07-29 22:19 -------- d-----w- c:\users\butter\AppData\Roaming\Malwarebytes
2012-07-29 22:19 . 2012-07-30 05:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 05:46 . 2012-07-29 05:46 -------- d-----w- C:\found.000
2012-07-29 05:19 . 2012-07-29 11:59 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-29 04:02 . 2012-07-29 10:02 -------- d-----w- c:\users\butter\AppData\Roaming\FixIt
2012-07-27 23:11 . 2012-07-27 23:11 -------- d-----w- c:\users\butter\AppData\Roaming\Template
2012-07-27 05:40 . 2012-07-27 05:40 9821896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 09:15 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:13 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:12 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 05:40 . 2012-04-25 14:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 05:40 . 2011-07-24 23:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 09:05 . 2009-11-28 16:52 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-21 15:19 . 2012-06-21 15:20 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-21 15:19 . 2010-07-18 06:21 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 01:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 01:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 01:20 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 01:20 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 01:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 01:20 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 01:19 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 01:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 01:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-17 20:30 . 2009-09-01 08:47 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-17 20:30 . 2009-09-01 08:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-04 11:06 . 2012-06-13 06:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-15 15:40 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 06:56 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 06:56 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-15 15:40 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\butter\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2012-04-01 67968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-17 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [2006-09-15 15992]
R1 kiyfwcdq;kiyfwcdq;c:\windows\system32\drivers\kiyfwcdq.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Connection Software\RcAppSvc.exe [2008-07-10 111896]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Connection Software\ConAppsSvc.exe [2008-07-10 124184]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2008-07-10 42784]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-16 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2006-10-25 123928]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2006-09-15 39288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 Cisco Media Server;Cisco Media Server;c:\program files (x86)\Cisco Media Center\AVMediaServer.exe [2009-03-13 3215360]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [2006-11-01 44152]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [2006-11-01 41976]
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [2006-11-01 10360]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [2006-11-01 142200]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [2006-11-01 34552]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [2006-11-01 18040]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [2006-11-01 143736]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [2006-11-01 137080]
S2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe [2008-05-03 1035776]
S2 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe [2009-07-24 33448]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2006-09-15 63608]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 KodakSvc;Kodak AiO Device Service;c:\program files (x86)\Kodak\printer\center\KodakSvc.exe [2008-07-25 18944]
S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 17:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 05:40]
.
2012-08-01 c:\windows\Tasks\At10.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At12.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2011-12-10 c:\windows\Tasks\At14.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At2.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At4.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2011-12-10 c:\windows\Tasks\At44.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At45.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At47.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At49.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At51.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At53.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At55.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At57.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At59.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At6.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At61.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At63.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At65.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At67.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At69.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At71.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At73.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At75.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At77.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At79.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-01 c:\windows\Tasks\At8.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3037443386-3995476170-3596459551-1000Core.job
- c:\users\butter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-12 22:34]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3037443386-3995476170-3596459551-1000UA.job
- c:\users\butter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-12 22:34]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 18:44]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 18:44]
.
2012-07-29 c:\windows\Tasks\HPCeeScheduleForbutter.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-08-02 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files (x86)\Kodak\Printer\Center\Kodak.Statistics.exe [2008-07-25 18:34]
.
2012-08-02 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-11-15 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"combofix"="c:\combofix\CF11151.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/news?q=&FORM=BNFD
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2AB6ED51-2DB5-4C12-8AA1-0C6485955649}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extentions.y2layers.installId - 669d8c17-e6cc-4f08-a754-9c3dffcc950a
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-10 - (no file)
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (value not set)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DealScout - c:\program files (x86)\DealScout\uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-3037443386-3995476170-3596459551-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\HIÓs*o*r*t*e*d* *B*o*o*k*m*a*r*k*s*\Gems]
"Order"=hex:08,00,00,00,02,00,00,00,a2,00,00,00,01,00,00,00,01,00,00,00,96,00,
00,00,00,00,00,00,88,00,32,00,c6,00,00,00,95,3d,01,0c,20,00,43,52,59,53,54,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\java.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-08-02 01:57:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 05:57
.
Pre-Run: 97,144,717,312 bytes free
Post-Run: 96,466,735,104 bytes free
.
- - End Of File - - 5FF373A47FE96742CE8AFFBB2984ACAE


Security Check


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
McAfee SiteAdvisor
Java™ 6 Update 33
Java™ 6 Update 3
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 10.0.1 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


I hope I did everything right. I will be checking out how my computer is running and I'll let you know if I am still having problems. Thank you again for helping me. :)

Buttafly75

#4 D-FRED-BROWN


Posted 02 August 2012 - 01:41 PM

I hope I did everything right.

You did! Nicely done. :)


------------------
We've got a little more manual cleaning to do:

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::
c:\windows\system32\drivers\kiyfwcdq.sys

Driver::
kiyfwcdq

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

Edited by D-FRED-BROWN, 02 August 2012 - 01:42 PM.


#5 buttafly75


Posted 02 August 2012 - 06:19 PM

Good Evening D-FRED-BROWN,

I hope this message finds you doing well. Again, I hope I did this right. I am not sure if I did this right. I saved the CFScript.txt in the same location as ComboFix.exe, which was to my desktop. I tried to drag the file like you said, but the Warning Box kept popping up. However, it did ask me if I wanted to run the file with Combo and I clicked Run.
Below is the log you requested. I pray I did this right.

C:\ComboFix.txt

ComboFix 12-07-31.03 - butter 08/02/2012 18:36:52.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1612 [GMT -4:00]
Running from: c:\users\butter\Desktop\ComboFix.exe
Command switches used :: c:\users\butter\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\kiyfwcdq.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_kiyfwcdq
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 22:48 . 2012-08-02 22:48 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-02 22:48 . 2012-08-02 22:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 10:11 . 2012-08-02 10:11 69000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B86468A3-CEB2-4801-985B-84D3296F2624}\offreg.dll ERROR(0x00000005)
2012-08-02 10:09 . 2012-07-16 06:40 9133488 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B86468A3-CEB2-4801-985B-84D3296F2624}\mpengine.dll ERROR(0x00000005)
2012-07-31 19:01 . 2012-07-31 19:01 -------- d-----w- c:\program files (x86)\Runtime Software
2012-07-31 00:03 . 2012-07-31 07:20 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-07-30 16:31 . 2012-07-30 16:32 -------- dc----w- c:\users\butter\AppData\Local\MigWiz
2012-07-29 22:40 . 2012-07-29 22:40 -------- d-----w- c:\users\butter\AppData\Roaming\SpeedyPC Software
2012-07-29 22:40 . 2012-07-29 22:40 -------- d-----w- c:\users\butter\AppData\Roaming\DriverCure
2012-07-29 22:19 . 2012-07-29 22:19 -------- d-----w- c:\users\butter\AppData\Roaming\Malwarebytes
2012-07-29 22:19 . 2012-07-30 05:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 05:46 . 2012-07-29 05:46 -------- d-----w- C:\found.000
2012-07-29 05:19 . 2012-07-29 11:59 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-29 04:02 . 2012-07-29 10:02 -------- d-----w- c:\users\butter\AppData\Roaming\FixIt
2012-07-27 23:11 . 2012-07-27 23:11 -------- d-----w- c:\users\butter\AppData\Roaming\Template
2012-07-11 09:15 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:13 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:12 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 18:40 . 2012-04-25 14:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 18:40 . 2011-07-24 23:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 09:05 . 2009-11-28 16:52 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-21 15:19 . 2012-06-21 15:20 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-21 15:19 . 2010-07-18 06:21 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 01:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 01:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 01:20 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 01:20 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 01:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 01:20 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 01:19 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 01:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 01:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:25 . 2012-07-11 09:03 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-31 16:25 . 2010-01-15 20:30 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-17 20:30 . 2009-09-01 08:47 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-17 20:30 . 2009-09-01 08:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_05.48.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-02 05:47 . 2012-08-02 05:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 22:50 . 2012-08-02 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-02 05:47 . 2012-08-02 05:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-02 22:50 . 2012-08-02 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-26 19:56 . 2012-08-02 22:50 983112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-06-26 19:56 . 2012-08-02 05:46 983112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-02 05:46 520292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-02 22:49 520292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-29 03:06 8192000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 18:40 8192000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-29 03:06 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 18:40 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-19 08:16 . 2012-08-02 22:49 10877844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3037443386-3995476170-3596459551-1000-12288.dat
- 2011-01-19 08:16 . 2012-08-02 05:46 10877844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3037443386-3995476170-3596459551-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\butter\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2012-04-01 67968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-17 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [2006-09-15 15992]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Connection Software\RcAppSvc.exe [2008-07-10 111896]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Connection Software\ConAppsSvc.exe [2008-07-10 124184]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2008-07-10 42784]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-16 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2006-10-25 123928]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2006-09-15 39288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 Cisco Media Server;Cisco Media Server;c:\program files (x86)\Cisco Media Center\AVMediaServer.exe [2009-03-13 3215360]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [2006-11-01 44152]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [2006-11-01 41976]
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [2006-11-01 10360]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [2006-11-01 142200]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [2006-11-01 34552]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [2006-11-01 18040]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [2006-11-01 143736]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [2006-11-01 137080]
S2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe [2008-05-03 1035776]
S2 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe [2009-07-24 33448]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2006-09-15 63608]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 KodakSvc;Kodak AiO Device Service;c:\program files (x86)\Kodak\printer\center\KodakSvc.exe [2008-07-25 18944]
S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 17:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 18:40]
.
2012-08-02 c:\windows\Tasks\At10.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At12.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2011-12-10 c:\windows\Tasks\At14.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At2.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At4.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2011-12-10 c:\windows\Tasks\At44.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At45.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At47.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At49.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At51.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At53.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At55.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At57.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At59.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At6.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At61.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At63.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At65.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At67.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At69.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At71.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At73.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At75.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At77.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At79.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\At8.job
- c:\windows\system32\T3vQxx.com_ [2011-12-10 18:39]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3037443386-3995476170-3596459551-1000Core.job
- c:\users\butter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-12 22:34]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3037443386-3995476170-3596459551-1000UA.job
- c:\users\butter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-12 22:34]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 18:44]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 18:44]
.
2012-07-29 c:\windows\Tasks\HPCeeScheduleForbutter.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-08-02 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files (x86)\Kodak\Printer\Center\Kodak.Statistics.exe [2008-07-25 18:34]
.
2012-08-02 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-11-15 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\butter\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"combofix"="c:\combofix\CF15487.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/news?q=&FORM=BNFD
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2AB6ED51-2DB5-4C12-8AA1-0C6485955649}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extentions.y2layers.installId - 669d8c17-e6cc-4f08-a754-9c3dffcc950a
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-3037443386-3995476170-3596459551-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\HIÓs*o*r*t*e*d* *B*o*o*k*m*a*r*k*s*\Gems]
"Order"=hex:08,00,00,00,02,00,00,00,a2,00,00,00,01,00,00,00,01,00,00,00,96,00,
00,00,00,00,00,00,88,00,32,00,c6,00,00,00,95,3d,01,0c,20,00,43,52,59,53,54,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\java.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-08-02 19:00:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 23:00
ComboFix2.txt 2012-08-02 05:57
.
Pre-Run: 96,021,970,944 bytes free
Post-Run: 95,719,817,216 bytes free
.
- - End Of File - - 62EE7391951B50F8A2838ACEB045C0A0

#6 D-FRED-BROWN

Posted 02 August 2012 - 06:25 PM

Your logs are looking much better.

Please run this online scan. It will verify if we missed anything:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#7 buttafly75

Posted 04 August 2012 - 04:29 PM

Good Afternoon FRED-D-BROWN,

I hope you are doing good today. I don't know how I missed your last message the other day. I'm sorry about that. I notice my firewall is back working. Thank you! :thumbup2: However, I am still getting pop up adware. Also, I had a hard time posting this message here. Below is the log you requested:


C:\Program Files\EsetOnlineScanner\log.txt


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dc4e339414a9f94bbb12045f35f90d0f
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-04 09:08:02
# local_time=2012-08-04 05:08:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 19653460 19653460 0 0
# compatibility_mode=5893 16776573 100 94 0 95657384 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=34169
# found=0
# cleaned=0
# scan_time=568

#8 D-FRED-BROWN

Posted 05 August 2012 - 11:50 AM

Doing good, thanks. :)

Let's see if we can find out what's causing those pop-ups.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

#9 buttafly75

Posted 05 August 2012 - 08:59 PM

Good Evening,

Hope everything is still good with you. Below are the requested logs:

OTL.txt

OTL logfile created on: 8/5/2012 9:37:19 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\butter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 40.21% Memory free
5.49 Gb Paging File | 2.70 Gb Available in Paging File | 49.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.48 Gb Total Space | 90.13 Gb Free Space | 41.07% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.87 Gb Free Space | 14.29% Space Free | Partition Type: NTFS

Computer Name: BUTTER-PC | User Name: butter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 21:35:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\butter\Downloads\OTL.exe
PRC - [2012/07/31 01:36:16 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/07/12 22:05:57 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/11 18:34:21 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\butter\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/28 20:20:42 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\butter\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/03/13 14:16:16 | 003,215,360 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files (x86)\Cisco Media Center\AVMediaServer.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/11/13 07:43:50 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/07/25 14:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/31 01:36:14 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/31 01:36:13 | 012,235,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
MOD - [2012/07/31 01:36:12 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/31 01:34:57 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\libglesv2.dll
MOD - [2012/07/31 01:34:55 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\libegl.dll
MOD - [2012/07/31 01:34:45 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/31 01:34:43 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/31 01:34:42 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
MOD - [2012/06/13 05:46:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 05:46:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 05:45:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 05:45:45 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/08 19:09:21 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/08 19:07:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/08 19:07:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/08 19:07:11 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/08 19:06:32 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/08 19:06:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/08 19:06:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/08 19:06:07 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/08 19:06:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/08 19:05:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/01/21 14:10:57 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/16 12:48:34 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/06/16 12:48:32 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/06/16 12:48:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/10/25 23:27:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/10/25 23:27:54 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/10/25 23:27:46 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/10/25 23:27:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/10/25 23:27:46 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/10/25 23:27:44 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/10/25 23:27:38 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/10/25 23:27:20 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/24 16:04:18 | 000,033,448 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 14:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/05/03 00:05:10 | 001,035,776 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldwcoms.exe -- (dldw_device)
SRV - [2012/08/02 14:40:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/02 22:56:32 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/06/15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/24 16:04:18 | 000,033,448 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2009/07/24 16:04:12 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dldwcoms.exe -- (dldw_device)
SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/13 14:16:16 | 003,215,360 | ---- | M] (Cisco Systems, Inc) [Auto | Running] -- C:\Program Files (x86)\Cisco Media Center\AVMediaServer.exe -- (Cisco Media Server)
SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 07:43:50 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/07/25 14:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/07/10 12:54:58 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Connection Software\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/07/10 12:54:30 | 000,124,184 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Connection Software\ConAppsSvc.exe -- (CAATT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/06/16 15:25:15 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 14:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 09:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/07/10 12:45:36 | 000,042,784 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/03 17:21:32 | 000,029,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2007/08/23 08:29:48 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2007/08/23 08:29:48 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2007/08/23 08:29:48 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006/12/02 13:21:14 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\RxFilter.sys -- (RxFilter)
DRV:64bit: - [2006/11/01 09:59:36 | 000,010,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2006/11/01 09:59:26 | 000,044,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2006/11/01 09:59:24 | 000,143,736 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2006/11/01 09:59:24 | 000,137,080 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2006/11/01 09:59:22 | 000,034,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2006/11/01 09:59:20 | 000,041,976 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2006/11/01 09:59:18 | 000,142,200 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2006/11/01 09:59:18 | 000,018,040 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2006/10/25 09:22:24 | 000,123,928 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV:64bit: - [2006/09/15 10:45:30 | 000,039,288 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2006/09/15 10:45:30 | 000,015,992 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2006/09/15 10:42:54 | 000,063,608 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV - [2010/11/08 17:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 17:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/12/02 13:21:14 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{35E9167E-0CF1-4A68-ABF3-7AE495F91469}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D870C61B-DDD8-4C25-8692-9728BDBCDE59}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{35E9167E-0CF1-4A68-ABF3-7AE495F91469}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{D870C61B-DDD8-4C25-8692-9728BDBCDE59}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/news?q=&FORM=BNFD
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes,DefaultScope = {BD061579-02C0-45AD-ABDF-3137EEC37D13}
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{35E9167E-0CF1-4A68-ABF3-7AE495F91469}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{44685B60-BDF4-44B1-8B41-6C1A75A375FE}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{56261356-F22C-418A-89CE-0676F552365D}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{BB93F072-FEB1-4CB2-BBF4-6625840A3BCC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{BD061579-02C0-45AD-ABDF-3137EEC37D13}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-offrhap
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\SearchScopes\{F174B737-1DD9-490F-A498-F8F1F4077A45}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\butter\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.5.1: C:\Users\butter\AppData\Local\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\butter\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2012/05/23 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2012/05/23 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/19 22:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/10/02 12:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/21 15:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012/04/13 17:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/31 15:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/23 22:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/23 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/21 11:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/23 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/21 11:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/23 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/21 11:20:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/19 22:32:23 | 000,000,000 | ---D | M]

[2011/12/10 12:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\butter\AppData\Roaming\mozilla\Extensions
[2009/11/19 14:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\butter\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/08/02 01:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\butter\AppData\Roaming\mozilla\Firefox\Profiles\931mcios.default\extensions
[2010/10/08 14:07:55 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\butter\AppData\Roaming\mozilla\Firefox\Profiles\931mcios.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/09/15 07:30:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\butter\AppData\Roaming\mozilla\Firefox\Profiles\931mcios.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/06/30 16:24:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\butter\AppData\Roaming\mozilla\Firefox\Profiles\931mcios.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/30 16:24:56 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\butter\AppData\Roaming\mozilla\Firefox\Profiles\931mcios.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/07/04 16:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\butter\AppData\Roaming\mozilla\Firefox\Profiles\931mcios.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2010/01/08 19:19:51 | 000,000,000 | ---D | M] (gBing) -- C:\Users\butter\AppData\Roaming\mozilla\Firefox\Profiles\931mcios.default\extensions\gBing@erickerr
[2011/12/06 11:32:02 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\butter\AppData\Roaming\mozilla\Firefox\Profiles\931mcios.default\extensions\plugin@yontoo.com
[2012/06/21 11:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/21 11:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011/12/07 13:06:47 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com
[2011/12/25 16:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/12/25 16:57:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/19 12:11:45 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/11/19 12:11:45 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/11/19 12:11:45 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2012/02/12 19:02:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/27 11:55:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2012/05/17 16:30:58 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/09/14 08:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012/02/12 19:02:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/07/10 12:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
[2011/12/07 13:01:11 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/12 19:02:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.bing.com/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language},
CHR - homepage: http://www.bing.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\butter\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\butter\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\butter\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.5.1 (Enabled) = C:\Users\butter\AppData\Local\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\butter\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Webmail Ad Blocker = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp\2.30_0\
CHR - Extension: Pool = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb\1.0.4_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Anna Sui = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\
CHR - Extension: Google Search = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Word Search = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\
CHR - Extension: Word Search = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\~
CHR - Extension: Facebook Ads Blocker = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0\
CHR - Extension: SiteAdvisor = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
CHR - Extension: Draw Something = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghdooiiabdiacgocceckacjmmlhkmljh\1.0_0\
CHR - Extension: AdBlock = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.8.2_0\
CHR - Extension: Adblock for Pirate Bay = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd\1.27_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Until AM = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.203_0\
CHR - Extension: Classic Popup Blocker = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp\2.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: uTorrentControl2 = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Vid-Saver = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_0\
CHR - Extension: Gmail = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Lyrics for YouTube by MetroLyrics = C:\Users\butter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkjomccnobbpfpbgdldlefchdnefcioj\2.0.14_0\

O1 HOSTS File: ([2011/12/12 06:15:19 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000..\Run: [Akamai NetSession Interface] C:\Users\butter\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-3037443386-3995476170-3596459551-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} Reg Error: Value error. (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AB6ED51-2DB5-4C12-8AA1-0C6485955649}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AB6ED51-2DB5-4C12-8AA1-0C6485955649}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/02 19:00:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/02 18:51:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/02 01:28:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/02 01:28:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/02 01:28:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/02 01:28:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/02 01:27:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/02 01:02:13 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\butter\Desktop\ComboFix.exe
[2012/08/02 00:49:45 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\butter\Desktop\tdsskiller.exe
[2012/07/31 15:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012/07/31 15:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2012/07/30 20:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
[2012/07/30 12:31:34 | 000,000,000 | ---D | C] -- C:\Users\butter\AppData\Local\MigWiz
[2012/07/29 18:40:41 | 000,000,000 | ---D | C] -- C:\Users\butter\AppData\Roaming\SpeedyPC Software
[2012/07/29 18:40:41 | 000,000,000 | ---D | C] -- C:\Users\butter\AppData\Roaming\DriverCure
[2012/07/29 18:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/29 18:19:40 | 000,000,000 | ---D | C] -- C:\Users\butter\AppData\Roaming\Malwarebytes
[2012/07/29 18:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/29 18:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/29 01:46:22 | 000,000,000 | ---D | C] -- C:\found.000
[2012/07/29 01:19:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/07/29 00:02:01 | 000,000,000 | ---D | C] -- C:\Users\butter\AppData\Roaming\FixIt
[2012/07/27 19:11:08 | 000,000,000 | ---D | C] -- C:\Users\butter\AppData\Roaming\Template
[2012/07/27 00:41:07 | 000,000,000 | ---D | C] -- C:\Users\butter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/07/17 00:49:34 | 000,000,000 | ---D | C] -- C:\Users\butter\Documents\my phone
[2012/07/16 01:49:54 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/16 01:49:54 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/16 01:49:54 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/12 16:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\kds_kodak
[2012/07/11 05:03:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 05:03:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 05:03:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 05:03:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 05:03:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 05:03:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 05:03:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 05:03:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 05:03:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 05:03:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 05:03:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 05:03:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 05:03:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 04:13:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 04:13:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 04:13:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 04:12:55 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 04:12:54 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 21:44:12 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3037443386-3995476170-3596459551-1000Core.job
[2012/08/05 21:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 21:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3037443386-3995476170-3596459551-1000UA.job
[2012/08/05 21:36:35 | 000,013,213 | ---- | M] () -- C:\Users\butter\Desktop\OTL - Shortcut.lnk
[2012/08/05 21:34:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 21:34:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At51.job
[2012/08/05 21:34:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At49.job
[2012/08/05 21:34:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/08/05 21:34:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/08/05 21:33:58 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At55.job
[2012/08/05 21:33:58 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At53.job
[2012/08/05 21:33:57 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
[2012/08/05 21:33:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At71.job
[2012/08/05 21:33:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At69.job
[2012/08/05 21:33:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At67.job
[2012/08/05 21:33:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At65.job
[2012/08/05 21:33:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At63.job
[2012/08/05 21:33:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At61.job
[2012/08/05 21:33:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At59.job
[2012/08/05 21:33:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At57.job
[2012/08/05 21:33:56 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At75.job
[2012/08/05 21:33:56 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At73.job
[2012/08/05 21:33:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 05:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/08/05 04:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/08/05 03:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/08/05 02:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/08/05 02:23:24 | 000,001,826 | ---- | M] () -- C:\Users\butter\Desktop\SUPERAntiSpyware Free Edition (2).lnk
[2012/08/05 02:23:07 | 000,001,826 | ---- | M] () -- C:\Users\butter\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/05 01:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/08/05 00:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/08/04 23:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At79.job
[2012/08/04 22:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At77.job
[2012/08/04 22:11:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/03 11:37:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 11:37:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 21:15:50 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/02 18:51:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/08/02 18:51:10 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/08/02 18:50:48 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 16:18:46 | 000,865,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 16:18:46 | 000,723,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 16:18:46 | 000,142,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/02 14:40:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 14:40:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 01:16:27 | 000,881,494 | ---- | M] () -- C:\Users\butter\Desktop\SecurityCheck.exe
[2012/08/02 01:02:26 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\butter\Desktop\ComboFix.exe
[2012/08/02 00:49:51 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\butter\Desktop\tdsskiller.exe
[2012/07/31 20:29:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/31 15:02:01 | 000,001,095 | ---- | M] () -- C:\Users\butter\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/07/31 15:02:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2012/07/30 20:33:02 | 000,000,000 | ---- | M] () -- C:\Users\butter\defogger_reenable
[2012/07/29 17:42:14 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/07/29 02:45:23 | 000,000,123 | ---- | M] () -- C:\Users\butter\Desktop\Microsoft Fix it.url
[2012/07/29 02:22:41 | 000,882,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/29 02:09:41 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbutter.job
[2012/07/27 19:11:06 | 000,000,000 | ---- | M] () -- C:\Users\butter\AppData\Roaming\wklnhst.dat
[2012/07/27 16:10:15 | 000,001,744 | ---- | M] () -- C:\Users\butter\Documents\cc_20120727_161006.reg
[2012/07/27 16:02:52 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/12 15:47:26 | 000,232,508 | ---- | M] () -- C:\Users\butter\Documents\Scan0001.jpg
[2012/07/11 05:36:35 | 005,038,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 21:36:35 | 000,013,213 | ---- | C] () -- C:\Users\butter\Desktop\OTL - Shortcut.lnk
[2012/08/05 02:23:24 | 000,001,826 | ---- | C] () -- C:\Users\butter\Desktop\SUPERAntiSpyware Free Edition (2).lnk
[2012/08/05 02:23:07 | 000,001,826 | ---- | C] () -- C:\Users\butter\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/02 01:28:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/02 01:28:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/02 01:28:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/02 01:28:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/02 01:28:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/02 01:16:24 | 000,881,494 | ---- | C] () -- C:\Users\butter\Desktop\SecurityCheck.exe
[2012/07/31 15:02:01 | 000,001,095 | ---- | C] () -- C:\Users\butter\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/07/31 15:02:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2012/07/30 20:33:02 | 000,000,000 | ---- | C] () -- C:\Users\butter\defogger_reenable
[2012/07/29 17:42:14 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/07/29 02:25:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/28 23:53:34 | 000,000,123 | ---- | C] () -- C:\Users\butter\Desktop\Microsoft Fix it.url
[2012/07/27 19:11:06 | 000,000,000 | ---- | C] () -- C:\Users\butter\AppData\Roaming\wklnhst.dat
[2012/07/27 16:10:10 | 000,001,744 | ---- | C] () -- C:\Users\butter\Documents\cc_20120727_161006.reg
[2012/07/12 15:47:26 | 000,232,508 | ---- | C] () -- C:\Users\butter\Documents\Scan0001.jpg
[2012/04/13 17:54:22 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/12/27 10:19:37 | 000,007,605 | ---- | C] () -- C:\Users\butter\AppData\Local\Resmon.ResmonCfg
[2011/12/21 15:27:53 | 000,007,354 | -HS- | C] () -- C:\ProgramData\t53214cyr5nxq1t6x
[2011/12/21 15:27:52 | 000,007,354 | -HS- | C] () -- C:\Users\butter\AppData\Local\t53214cyr5nxq1t6x
[2011/12/10 14:39:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\T3vQxx.com.b
[2011/12/10 11:42:47 | 000,008,730 | -HS- | C] () -- C:\Users\butter\AppData\Local\177630a3w640h248u308i3yoo8x1
[2011/12/10 11:42:47 | 000,008,730 | -HS- | C] () -- C:\ProgramData\177630a3w640h248u308i3yoo8x1
[2011/12/08 11:43:23 | 000,000,112 | ---- | C] () -- C:\ProgramData\l05g1mYL.dat
[2011/06/27 13:43:33 | 000,001,854 | ---- | C] () -- C:\Users\butter\AppData\Roaming\GhostObjGAFix.xml
[2011/01/27 00:56:45 | 000,000,636 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/12/28 19:09:09 | 000,004,216 | ---- | C] () -- C:\Users\butter\AppData\Local\rx_audio.Cache
[2010/12/28 19:07:17 | 003,600,560 | ---- | C] () -- C:\Users\butter\AppData\Local\rx_image.Cache
[2010/10/16 17:27:11 | 000,000,600 | ---- | C] () -- C:\Users\butter\PUTTY.RND
[2010/10/07 15:22:35 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\DLDWinst.dll
[2010/10/07 15:22:34 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldwcomx.dll
[2010/10/07 15:22:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwinpa.dll
[2010/10/07 15:22:33 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwiesc.dll
[2010/10/07 15:22:32 | 000,536,576 | ---- | C] () -- C:\Windows\SysWow64\dldwutil.dll
[2010/10/07 15:22:32 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\dldwjswr.dll
[2010/10/07 15:22:32 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldwinsr.dll
[2010/10/07 15:22:32 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldwcur.dll
[2010/10/07 15:22:31 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwpmui.dll
[2010/10/07 15:22:31 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldwinsb.dll
[2010/10/07 15:22:31 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldwins.dll
[2010/10/07 15:22:30 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldwcub.dll
[2010/10/07 15:22:30 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldwcu.dll
[2010/10/07 15:22:29 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwserv.dll
[2010/10/07 15:22:29 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwusb1.dll
[2010/10/07 15:22:28 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwlmpm.dll
[2010/10/07 15:22:27 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwih.exe
[2010/10/07 15:22:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwhbn3.dll
[2010/10/07 15:22:25 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwcoms.exe
[2010/10/07 15:22:25 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwcomm.dll
[2010/10/07 15:22:24 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwcomc.dll
[2010/10/07 15:22:23 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwcfg.exe
[2010/09/30 18:07:16 | 000,091,136 | ---- | C] () -- C:\Windows\SendToClip.exe
[2010/09/13 16:56:26 | 000,000,094 | -H-- | C] () -- C:\Windows\SysWow64\wup_WCody.ini
[2010/01/15 20:19:24 | 000,000,189 | ---- | C] () -- C:\Users\butter\webct_upload_applet.properties
[2009/09/01 04:48:27 | 000,000,494 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== Files - Unicode (All) ==========
[2012/06/08 17:07:59 | 000,000,000 | ---D | M](C:\Users\butter\Documents\UTUWA?BATHTUB?¦??????·??????????????????_files) -- C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」_files
[2012/06/08 17:07:58 | 000,014,885 | ---- | M] ()(C:\Users\butter\Documents\UTUWA?BATHTUB?¦??????·??????????????????.htm) -- C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」.htm
[2012/06/08 17:07:58 | 000,000,000 | ---D | C](C:\Users\butter\Documents\UTUWA?BATHTUB?¦??????·??????????????????_files) -- C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」_files
[2012/06/08 17:07:44 | 000,014,885 | ---- | C] ()(C:\Users\butter\Documents\UTUWA?BATHTUB?¦??????·??????????????????.htm) -- C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」.htm

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >


Extra.txt


OTL Extras logfile created on: 8/5/2012 9:37:19 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\butter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 40.21% Memory free
5.49 Gb Paging File | 2.70 Gb Available in Paging File | 49.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.48 Gb Total Space | 90.13 Gb Free Space | 41.07% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.87 Gb Free Space | 14.29% Space Free | Partition Type: NTFS

Computer Name: BUTTER-PC | User Name: butter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3037443386-3995476170-3596459551-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [sendtotoys1add] -- C:\Program Files\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\Send To Toys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\Send To Toys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [sendtotoys1add] -- C:\Program Files\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\Send To Toys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\Send To Toys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{039C1930-B34D-4B1A-BC29-60473D4CC9AA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{03C6053C-597F-40C8-A3A5-08FF7DD98B3E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0CC73165-3C4A-45E6-9971-C9684D538D6E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0F9587DD-03C8-4157-A77B-970C4A14ED00}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{115C4E56-1067-46C5-B95C-0159BA373027}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B9F4BB5-C38B-4F01-8A96-33BA4710D0E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24C205A7-EDFC-4169-81D0-579853176210}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A89D13E-A2D1-4035-ABCB-72AEB1497D5C}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{2CDF974B-3854-4480-AD8D-F204771C19BA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FC99C8B-61AD-4ED7-A271-D9C3E4D23A52}" = lport=139 | protocol=6 | dir=in | app=system |
"{332A4546-0C28-42CA-A2F8-604E2DD05798}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{35AA79A0-8FFD-4D3C-8FC8-B528560DF012}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3E539D11-C2A3-4A66-80E2-F8370849C5C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40B87463-7DF7-4AB3-9139-147AF7173A93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{427534A0-7A8F-45E4-841F-142051AF1FC5}" = rport=137 | protocol=17 | dir=out | app=system |
"{445A32ED-D379-402F-8D79-46C9796D4F95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F4CF1FF-54EA-40C4-8ED8-A0E96678F988}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{56D8AD24-8412-4C73-9083-BAFB1E21A57A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5823B048-665B-4C94-B1AB-24FF2B558FA0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{5F26C99C-590B-42C2-9A5C-AA18D9C94082}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{69C4BE8A-39EB-4935-B7C3-A3F90C981955}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C8A0E4A-2170-44AE-8170-391BC142B478}" = lport=49180 | protocol=6 | dir=in | name=akamai netsession interface |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FF76BC7-0462-4537-B6BB-E77208674CF0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7483D896-EE88-41EB-A3B6-66B4F3E7763F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7AF49E05-F37C-4EB2-893F-FFCECEFB433A}" = rport=445 | protocol=6 | dir=out | app=system |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{80C54DEF-8D19-4AAD-B95D-D7C15D50FFE5}" = lport=138 | protocol=17 | dir=in | app=system |
"{8147E0BD-8E43-4A62-9D43-B3D327686502}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85426765-5DB7-4663-A4B0-8CCC5D2728CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86A688F9-6FEA-420B-BEAF-6A8CFE4BBA13}" = lport=10243 | protocol=6 | dir=in | app=system |
"{90572630-4067-48F5-B253-EF4122545829}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9A7FA127-F40E-4BA7-AE63-D9D6E45FAC4B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F9569B6-E0ED-40F1-910A-50BA6B0929F0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{9FB948F1-6701-43A4-8466-914A067B760D}" = lport=445 | protocol=6 | dir=in | app=system |
"{A65FD19F-1812-4C8A-977E-D676080C6EF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABFFD5F8-843F-4D04-9A94-4D018048BA43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1BC53B4-271E-4FAA-8400-508E49F45353}" = lport=54009 | protocol=6 | dir=in | name=akamai netsession interface |
"{BD875BFE-7465-4C8E-AD68-55C94CEF5706}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5C74E66-5E74-4705-B4CF-6D6F773AD498}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2B097A6-C33F-4108-9BFF-13ACF61D08ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4D77D82-8F19-49A1-86DD-334DFDE0EC3F}" = rport=139 | protocol=6 | dir=out | app=system |
"{E3B72C4D-1897-4DBF-BC1D-010DD4D06675}" = rport=138 | protocol=17 | dir=out | app=system |
"{E590C2E2-2223-4E3C-9BCB-1310042A4DE2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E9623F9E-45B7-4219-9E2E-B715C6F06500}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000BACA5-3A16-4ADC-8180-A42130653323}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05BC48E9-727B-4AB5-A831-0135CCF2FFA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1366AEB8-0637-4886-93F7-CF22D2681000}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14613B82-67E4-454B-90DC-7B8CF5D511A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22C42347-5B12-43FA-A92F-86F7CECD6DA4}" = protocol=17 | dir=in | app=c:\windows\system32\dldwcoms.exe |
"{248F4133-EFC5-434C-AD12-F8CE5F9749AD}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{291283E4-AFA3-46F3-AE06-D5D482CB5F4F}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{2A896F75-6A96-4634-BC40-346FECC842B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37E2D995-3055-4B40-8621-A773B7FE0186}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{39C1FB13-3BB3-4405-939F-1FB17CB89352}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\digital home 9\roxioupnprenderer9.exe |
"{44B36745-F3CD-4A98-A3B2-284F3C8E908E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4B4612FF-79ED-406C-B969-8B69D1E33A51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4F53CED3-9EB8-4396-B6D9-B4B8EF3599E1}" = protocol=6 | dir=in | app=c:\users\butter\appdata\local\akamai\netsession_win.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{58E330AD-8169-4D14-8642-924AD9D423F3}" = protocol=6 | dir=in | app=c:\windows\system32\dldwcoms.exe |
"{5B3EFB88-00F1-4056-B685-EB20DA93A389}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5DB1A182-6CE0-4AAD-BCCE-23DEBA0FDCD8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{60730DA4-6A9C-47C9-8CC7-3A5ACE043FF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{61347EB5-B939-49A0-95CF-DF663680F1E5}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v505\frun.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62C2004B-33FA-4B9E-9F51-565D4301A31B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{630581A9-2D9F-4C1E-BEAC-562654D2C79F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74F63F6C-7570-4FE4-994B-4D14728240B9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{79ADC31D-370F-4144-BAAA-06924C04AD4E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D24E139-C7FD-4F8B-A2A3-D1421D6542A6}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{7FC5A34D-1835-46D7-A0AB-81DFE5931BD4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldwpswx.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{880BC035-7FCD-4EF1-AAB1-537121C436FA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{89029966-7E8D-42F1-9F4C-E9D066369D08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D759973-ACCC-4F21-95B4-08C7F0EED516}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v505\frun.exe |
"{8E9C14C4-A7D3-4C76-8E21-3DB000B5C970}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{907B00D6-A275-45C2-89C4-E34ECA03530B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{920363B3-E7FB-41C8-9273-F71BF20D6A74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94738348-E897-4AFB-9222-6C08927C5132}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9DE2DD5B-76CE-4C1D-AB92-5E8CE36BEED2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9E090EA5-94F9-4564-A9FD-64DA6CC34702}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\digital home 9\roxioupnprenderer9.exe |
"{A03860B8-4F7D-4E00-A7DD-839F00551E22}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A398240D-C08C-427C-A661-9FE8C509B667}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9A844C8-C53E-4EB2-B243-CA07A144FFBA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AE5265A1-0577-42C0-874A-205F7C6C2B32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B44690E2-FB96-46A7-8E0D-8B6F46B79976}" = protocol=17 | dir=in | app=c:\users\butter\appdata\local\akamai\netsession_win.exe |
"{B50B9276-83E9-4AD8-9774-9CF14B01DC25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6E8BFE0-8FFD-4F34-8753-770F684A71CE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{BAC26085-982A-48DD-9211-6A81A49094C0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldwpswx.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BD517297-6468-469E-A8DD-19DEF1BD59E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BDCD2417-8858-4101-8C53-F4FF0C5562FC}" = protocol=17 | dir=in | app=c:\users\butter\appdata\roaming\dropbox\bin\dropbox.exe |
"{BFFCBC6C-42E9-488B-9F75-97E396DCB3FF}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\digital home 9\roxioupnprenderer9.exe |
"{C2748DFA-AB18-4C72-9812-BFD9CE4893D9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v505\dldwamon.exe |
"{CBFB978D-0BD1-469E-A856-7356FD3B10A1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CFAB7E3C-7300-46C3-995E-F77BF27449F6}" = protocol=6 | dir=in | app=c:\users\butter\appdata\roaming\dropbox\bin\dropbox.exe |
"{D2DB28C3-1D1A-4519-88A1-7B45E28C7C48}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v505\dldwamon.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4D760F5-F29F-47E3-A39F-91ABFD40B2DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8152C2C-2D38-4E52-9926-90C2B98357D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D88F6113-DA9C-44B6-91A2-95F934DBD989}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8EEACF8-E9CC-4677-BE36-3AD9D6FE7D00}" = protocol=6 | dir=out | app=system |
"{DB202359-A155-4D90-9147-5A7ACC7C65AD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{DE20614F-62A3-457D-9DD5-C5FA84CE0BA9}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{E0F30078-20CE-4D52-8524-8C7187A19879}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\digital home 9\roxioupnprenderer9.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E8B70CE1-688D-4175-9F13-5F28C19169E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FEAAECA4-3924-4793-8132-DC4ABB82FC50}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"TCP Query User{0C4B2C56-B474-4C0D-8F80-90D8688A0C47}C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe |
"TCP Query User{1112C2C9-AD66-4370-B232-EA9E0D290AAD}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"TCP Query User{1DC888CC-9638-4AEA-BA70-513797A12A79}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"TCP Query User{213FCD01-7998-400D-967E-678CAB8430D8}C:\users\butter\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\butter\appdata\local\akamai\netsession_win.exe |
"TCP Query User{4A2AE1AC-3F66-4E8C-87E8-5D61E45C8076}C:\program files (x86)\common files\fox carolina desktop alert\trueweather.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\fox carolina desktop alert\trueweather.exe |
"TCP Query User{65CDD08B-2309-456D-9BEA-DC72FCF1C593}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{8EA71449-2B17-4FFF-9218-EE2699879101}C:\program files (x86)\cisco media center\ciscomediaplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cisco media center\ciscomediaplayer.exe |
"TCP Query User{A70A5FF6-8A46-43B1-B62E-5E62886A5CDC}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{B8B3A684-244A-4E14-94E2-853F852C2D54}C:\users\butter\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\users\butter\limewire\limewire.exe |
"TCP Query User{FE0B3F15-632F-49AA-AC5A-57B5928603DA}C:\program files (x86)\common files\fox carolina desktop alert\trueweather.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\fox carolina desktop alert\trueweather.exe |
"UDP Query User{01AB73B8-7054-4383-AA94-819BCFB1EA2B}C:\users\butter\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\users\butter\limewire\limewire.exe |
"UDP Query User{12F77182-41A0-4C50-93F4-18DD43D6DA82}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{18FC61DA-307C-4A6B-859E-A39582339B1F}C:\program files (x86)\cisco media center\ciscomediaplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cisco media center\ciscomediaplayer.exe |
"UDP Query User{1E1E75FC-D8A8-4D71-BAB2-0288CF2EBF7D}C:\program files (x86)\common files\fox carolina desktop alert\trueweather.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\fox carolina desktop alert\trueweather.exe |
"UDP Query User{42789751-FAD5-400E-8C73-B3286BD1CE85}C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe |
"UDP Query User{49371339-1B95-4C86-A0F3-7123598058E5}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{4A37E0D2-BBB9-4269-9257-D9ED560EB8BF}C:\program files (x86)\common files\fox carolina desktop alert\trueweather.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\fox carolina desktop alert\trueweather.exe |
"UDP Query User{62C2D354-0370-4107-8663-87757CD75EF4}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"UDP Query User{A62ADD6A-B3B5-416E-90D9-A056E6F2A3C6}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"UDP Query User{DCE49C8A-D304-4F9C-9871-BEA32CA79171}C:\users\butter\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\butter\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{19E74155-1CA2-4807-9BF5-1AAB4F876E1A}" = Motorola Driver Installation
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3CF97AC1-219E-44DA-B3DE-32FCAD606231}" = HP Officejet 4620 series Product Improvement Study
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4C00EC96-D644-41AD-91D3-A9CE4382C80E}" = Driver Installer
"{559D2B32-5066-4762-A2F2-52831AC6F67B}" = NICI (64 bit)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FD11A03-5319-45CE-832F-CEA24CDD745F}" = AT&T Connection Software
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}" = HP Officejet 4620 series Basic Device Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"CCleaner" = CCleaner
"Dell V505" = Dell V505
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC Optimizer Pro" = PC Optimizer Pro
"Send To Toys_is1" = Send To Toys v2.61 Beta
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{136E842A-87AC-4CFA-99A0-4D5BF9114566}" = Iminent
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{606C37AB-EB04-4270-A592-201A03C2DB36}" = HP Officejet 4620 series Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6599091B-D42D-4765-ABC3-8B25E844C746}" = Roxio Easy CD and DVD Burning
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{73F80A0C-11B2-4BB2-A9F9-0F14ECF39980}" = Bing Bar
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PUBLISHERR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2040694-0DCA-4E8F-A0C8-D4F617320CC0}" = Cisco Media Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"AMP Font Viewer" = AMP Font Viewer
"Ares" = Ares 2.1.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DealScout" = DealScout for Internet Explorer
"DivX Setup" = DivX Setup
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FOX Carolina Desktop Alert" = FOX Carolina Desktop Alert
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 2.3
"Homepage Protection" = Homepage Protection
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"IMBoosterARP" = Iminent
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"Mplayer" = Mplayer 0.6.9
"Notepad++" = Notepad++
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PhraseExpress_is1" = PhraseExpress v7.0.166
"PUBLISHERR" = Microsoft Office Publisher 2007
"RealPlayer 15.0" = RealPlayer
"Rhapsody" = Rhapsody
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VLC media player" = VideoLAN VLC media player 1.1.7
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3037443386-3995476170-3596459551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2012 11:35:35 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9999

Error - 4/9/2012 11:35:35 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9999

Error - 4/9/2012 11:35:36 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/9/2012 11:35:36 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11029

Error - 4/9/2012 11:35:36 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11029

Error - 4/9/2012 11:35:37 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/9/2012 11:35:37 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12105

Error - 4/9/2012 11:35:37 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12105

Error - 4/9/2012 11:35:38 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/9/2012 11:35:38 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13182

Error - 4/9/2012 11:35:38 PM | Computer Name = BUTTER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13182

Error - 4/11/2012 5:06:49 AM | Computer Name = butter-PC | Source = Windows Search Service | ID = 3007
Description =

[ Hewlett-Packard Events ]
Error - 7/5/2012 3:33:17 PM | Computer Name = butter-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 2812 Ram
Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/5/2012 3:34:04 PM | Computer Name = butter-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 2812 Ram
Utilization: 40 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/6/2012 1:29:10 PM | Computer Name = butter-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/6/2012 1:35:26 PM | Computer Name = butter-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/6/2012 1:36:24 PM | Computer Name = butter-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/6/2012 1:44:03 PM | Computer Name = butter-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/6/2012 1:48:10 PM | Computer Name = butter-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/29/2012 10:05:50 PM | Computer Name = butter-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 8/3/2012 11:39:18 AM | Computer Name = butter-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Message: A device
attached to the system is not functioning StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2812 Ram Utilization: 60 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 8/3/2012 11:39:22 AM | Computer Name = butter-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Message: A device
attached to the system is not functioning StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2812 Ram Utilization: 60 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

[ Media Center Events ]
Error - 5/18/2010 2:36:34 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 2:36:33 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 5/18/2010 2:36:56 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 2:36:56 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 5/27/2010 1:39:57 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 1:39:57 PM - Error connecting to the internet. 1:39:57 PM - Unable
to contact server..

Error - 5/27/2010 1:40:33 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 1:40:04 PM - Error connecting to the internet. 1:40:04 PM - Unable
to contact server..

Error - 6/13/2010 12:58:08 AM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 12:58:08 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 7/16/2010 5:01:49 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 5:01:41 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 9/11/2010 1:07:57 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 1:07:57 PM - Error connecting to the internet. 1:07:57 PM - Unable
to contact server..

Error - 9/11/2010 1:08:15 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 1:08:03 PM - Error connecting to the internet. 1:08:03 PM - Unable
to contact server..

Error - 9/11/2010 2:11:37 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 2:11:37 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 9/11/2010 2:12:01 PM | Computer Name = butter-PC | Source = MCUpdate | ID = 0
Description = 2:12:00 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 8/3/2012 11:39:14 AM | Computer Name = butter-PC | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%31

Error - 8/3/2012 11:55:14 PM | Computer Name = butter-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/3/2012 11:55:14 PM | Computer Name = butter-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinDefend service.

Error - 8/3/2012 11:56:02 PM | Computer Name = butter-PC | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%31

Error - 8/4/2012 2:24:09 PM | Computer Name = butter-PC | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%31

Error - 8/5/2012 3:13:17 AM | Computer Name = butter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR12.

Error - 8/5/2012 3:13:18 AM | Computer Name = butter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR12.

Error - 8/5/2012 3:13:18 AM | Computer Name = butter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR12.

Error - 8/5/2012 3:13:20 AM | Computer Name = butter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR12.

Error - 8/5/2012 3:13:21 AM | Computer Name = butter-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR12.


< End of report >

#10 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:09:27 PM

Posted 05 August 2012 - 09:16 PM

Doing good, thanks. Hope you're enjoying your weekend :).

Do you recognize the following file?
  • C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」_files
Please let me know.


------Step 1------------------------
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    [2011/12/21 15:27:53 | 000,007,354 | -HS- | C] () -- C:\ProgramData\t53214cyr5nxq1t6x
    [2011/12/21 15:27:52 | 000,007,354 | -HS- | C] () -- C:\Users\butter\AppData\Local\t53214cyr5nxq1t6x
    [2011/12/10 14:39:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\T3vQxx.com.b
    [2011/12/10 11:42:47 | 000,008,730 | -HS- | C] () -- C:\Users\butter\AppData\Local\177630a3w640h248u308i3yoo8x1
    [2011/12/10 11:42:47 | 000,008,730 | -HS- | C] () -- C:\ProgramData\177630a3w640h248u308i3yoo8x1
    [2011/12/08 11:43:23 | 000,000,112 | ---- | C] () -- C:\ProgramData\l05g1mYL.dat
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


------Step 2------------------------
Please download Malwarebytes' Anti-Malware to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#11 buttafly75

buttafly75
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 06 August 2012 - 01:07 AM

Hi there,

I do not recognize the file C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」_files
Below are the requested logs:

OTL Fix

All processes killed
========== OTL ==========
C:\ProgramData\t53214cyr5nxq1t6x moved successfully.
C:\Users\butter\AppData\Local\t53214cyr5nxq1t6x moved successfully.
C:\Windows\SysWOW64\T3vQxx.com.b moved successfully.
C:\Users\butter\AppData\Local\177630a3w640h248u308i3yoo8x1 moved successfully.
C:\ProgramData\177630a3w640h248u308i3yoo8x1 moved successfully.
C:\ProgramData\l05g1mYL.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: butter
->Temp folder emptied: 189611 bytes
->Temporary Internet Files folder emptied: 35434823 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61570503 bytes
->Google Chrome cache emptied: 135284004 bytes
->Flash cache emptied: 57653 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 229472 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84592 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 222.00 mb


[EMPTYJAVA]

User: All Users

User: butter
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: DefaultAppPool

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: butter
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08052012_234623

Files\Folders moved on Reboot...
C:\Users\butter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\butter\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
butter :: BUTTER-PC [administrator]

Protection: Disabled

8/6/2012 12:00:57 AM
mbam-log-2012-08-06 (00-00-57).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 627026
Time elapsed: 1 hour(s), 41 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\butter\Downloads\jenkatarcade.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Windows\System32\T3vQxx.com_ (Trojan.Email) -> Quarantined and deleted successfully.

(end)

#12 D-FRED-BROWN


Posted 06 August 2012 - 11:07 AM

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    [2012/06/08 17:07:59 | 000,000,000 | ---D | M](C:\Users\butter\Documents\UTUWA?BATHTUB?¦??????·??????????????????_files) -- C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」_files
    [2012/06/08 17:07:58 | 000,014,885 | ---- | M] ()(C:\Users\butter\Documents\UTUWA?BATHTUB?¦??????·??????????????????.htm) -- C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」.htm
    [2012/06/08 17:07:58 | 000,000,000 | ---D | C](C:\Users\butter\Documents\UTUWA?BATHTUB?¦??????·??????????????????_files) -- C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」_files
    [2012/06/08 17:07:44 | 000,014,885 | ---- | C] ()(C:\Users\butter\Documents\UTUWA?BATHTUB?¦??????·??????????????????.htm) -- C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」.htm
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


#13 buttafly75


Posted 06 August 2012 - 01:37 PM

Good Afternoon,

Hope you are doing well today.

Below is the requested log:


OTL Fix


All processes killed
========== OTL ==========
C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」_files folder moved successfully.
File C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」.htm not found.
Folder C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」_files\ not found.
File C:\Users\butter\Documents\UTUWA【BATHTUB】│ユニットバス・システムバス「スピリチュアルモード」.htm not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: butter
->Temp folder emptied: 5107 bytes
->Temporary Internet Files folder emptied: 646106 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 12879819 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17002 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYJAVA]

User: All Users

User: butter
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: DefaultAppPool

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: butter
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08062012_142954

Files\Folders moved on Reboot...
C:\Users\butter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\butter\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

#14 D-FRED-BROWN


Posted 06 August 2012 - 02:49 PM

Looking better. I wouldn't worry about those files.

Let's run an online scan to verify we haven't missed anything:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#15 buttafly75


Posted 06 August 2012 - 05:48 PM

Hi there,

Here is the requested log:

EsetOnlineScanner\log.txt

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dc4e339414a9f94bbb12045f35f90d0f
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-04 09:08:02
# local_time=2012-08-04 05:08:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 19653460 19653460 0 0
# compatibility_mode=5893 16776573 100 94 0 95657384 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=34169
# found=0
# cleaned=0
# scan_time=568
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dc4e339414a9f94bbb12045f35f90d0f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-06 10:38:41
# local_time=2012-08-06 06:38:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 19823093 19823093 0 0
# compatibility_mode=5893 16776573 100 94 0 95827017 0 0
# compatibility_mode=8192 67108863 100 0 83495 83495 0 0
# scanned=425827
# found=25
# cleaned=0
# scan_time=9175
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll Win32/Toolbar.CrossRider application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud12.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\butter\AppData\Local\ATI\ATIUpdate\ATIupdt32.dll.vir a variant of Win32/Kryptik.XVY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\butter\AppData\Roaming\Mozilla\Firefox\Profiles\931mcios.default\extensions\{edb6ee7a-a353-4082-a056-e12e01ff6547}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud12.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\butter\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\butter\Downloads\7zip-setup.exe Win32/DownloadAdmin.A.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\butter\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\butter\Downloads\setup(2).exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZHQVQ0A\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZHQVQ0A\mx_mainxu[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZHQVQ0A\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZHQVQ0A\mx_mainxu[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/RegistryBooster application 00000000000000000000000000000000 I
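
Added example, not part of the thread and not ESET's or any poster's code: a small triage script for detection lines in the log.txt format pasted above. It separates copies already sitting in a removal tool's quarantine from live files, and folds duplicate reports of the same file. The sample entries are copied from the log above; the bucket names, the reading of the "application" type as potentially unwanted software, the quarantine folder list (Qoobox, Spybot Recovery) and the "All Users" to ProgramData alias are assumptions of this example.

```python
import re

# One detection line of the scanner log shown above:
#   <path> [a variant of ]<Platform/Name> <type> [(action)] <32 hex digits> <flag>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of )?(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>application|trojan|worm|virus)"
    r"(?:\s+\((?P<action>[^)]*)\))?\s+(?P<hash>[0-9A-Fa-f]{32})\s+\S+$"
)

# Assumption: folders where removal tools park files they already neutralised.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\",
                      "\\spybot - search & destroy\\recovery\\")

NO_HASH = "0" * 32  # the log above prints an all-zero field in this column

# Entries copied from the log above; hash column and trailing flag re-attached.
SAMPLE_LOG = "\n".join(f"{entry} {NO_HASH} I" for entry in [
    r"C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application (unable to clean)",
    r"C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean)",
    r"C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud12.zip Win32/Bagle.gen.zip worm (unable to clean)",
    r"C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud12.zip Win32/Bagle.gen.zip worm (unable to clean)",
    r"C:\Qoobox\Quarantine\C\Users\butter\AppData\Local\ATI\ATIUpdate\ATIupdt32.dll.vir a variant of Win32/Kryptik.XVY trojan (unable to clean)",
    r"C:\Users\butter\Downloads\setup(2).exe Win32/Toolbar.Zugo application (unable to clean)",
    r"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZHQVQ0A\mx_mainxu[1].htm HTML/Iframe.B.Gen virus (unable to clean)",
    r"${Memory} Win32/RegistryBooster application",
])


def parse_line(line):
    """Return a dict for a detection line, or None for '#' headers and blanks."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["variant"] = bool(rec["variant"])
    return rec


def canonical_path(path):
    """Lower-case the path and fold the 'All Users' alias into ProgramData."""
    # Assumption: default Windows 7 layout, where "C:\Users\All Users" is a
    # link to "C:\ProgramData", so a scanner walking both reports files twice.
    p = path.lower()
    alias = "c:\\users\\all users\\"
    if p.startswith(alias):
        p = "c:\\programdata\\" + p[len(alias):]
    return p


def bucket(rec):
    """quarantined: inert copy; malware: live trojan/worm/virus; pua: the rest."""
    p = canonical_path(rec["path"])
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantined"
    return "pua" if rec["kind"] == "application" else "malware"


def triage(log_text):
    """Parse, de-duplicate by canonical path, and group findings by bucket."""
    seen = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (canonical_path(rec["path"]), rec["name"])
        if key in seen:
            # Same file reached through an alias: record it, do not count it.
            seen[key]["aliases"].append(rec["path"])
            continue
        rec["aliases"] = []
        rec["bucket"] = bucket(rec)
        seen[key] = rec
    groups = {"malware": [], "pua": [], "quarantined": []}
    for rec in seen.values():
        groups[rec["bucket"]].append(rec)
    return groups


if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(items)}")
        for rec in items:
            print("   ", rec["name"], "<-", rec["path"])
```
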



