Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help - I don't know what I have done to my computer


  • Please log in to reply
17 replies to this topic

#1 TinaMW

TinaMW

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 16 July 2013 - 07:59 PM

Hi,

 

Hopefully you can help me.  It takes forever to restart my computer... that is the main problem.  But now, I am having various other issues with it.  I am sure that I have a virus or malware on my computer but need help finding it and fixing it. 

 

I have a laptop with Windows 7 on it.  Just let me know what other info you need and I will be glad to provide it.

 

Thanks so much!

 

Tina



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 16 July 2013 - 08:03 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 16 July 2013 - 10:21 PM

Thanks so much for your quick reply.  I am pasting the log below for you...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 03
Ran by SYSTEM on 16-07-2013 20:36:03
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-18] ()
HKLM\...\Run: [Microsoft Pinyin IME Migration] - C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [EeeStorageBackup] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1732608 2009-11-26] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKU\Mcx1-TINA-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\Tina\...\Run: [Facebook Update] - "C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-07-15] (Facebook Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [138096 2013-07-15] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
S2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [264488 2013-03-05] (Systweak Software, (www.systweak.com))
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe [321024 2013-05-08] (Alcatel-Lucent)
S2 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S2 DefaultTabUpdate; C:\Users\Tina\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-01-27] ()
S2 HPSLPSVC; C:\Users\Tina\AppData\Local\Temp\7zS1596\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 ACPIService; C:\Windows\System32\DRIVERS\ATKACPI.SYS [17992 2009-06-19] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-28] (GFI Software)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S2 ntk_dtv; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [82416 2009-09-17] (Cyberlink Corp.)
S2 ntk_dtv; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [82416 2009-09-17] (Cyberlink Corp.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 ST50220; C:\Windows\System32\Drivers\ST50220.sys [51248 2008-12-02] (Sonix)
S3 mfeavfk01; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 tmlwf;
S3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 20:35 - 2013-07-16 20:35 - 00000000 ____D C:\FRST
2013-07-16 17:15 - 2013-07-16 17:15 - 01778253 _____ (Farbar) C:\Users\Tina\Downloads\FRST64.exe
2013-07-16 16:51 - 2013-07-16 16:51 - 00014070 _____ C:\Users\Tina\Downloads\hijackthis.log
2013-07-16 16:49 - 2013-07-16 16:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tina\Downloads\HijackThis.exe
2013-07-16 14:01 - 2013-07-16 14:01 - 13475464 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\mseinstall.exe
2013-07-16 13:44 - 2013-07-16 13:46 - 87960848 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\msert(2).exe
2013-07-16 13:38 - 2013-07-16 13:40 - 87960848 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\msert.exe
2013-07-16 13:38 - 2013-07-16 13:38 - 01048576 _____ C:\Users\Tina\Downloads\msert(1).exe
2013-07-15 14:42 - 2013-07-15 14:42 - 00276008 _____ C:\Windows\Minidump\071513-764950-01.dmp
2013-07-14 11:44 - 2013-07-14 11:46 - 00276008 _____ C:\Windows\Minidump\071413-865212-01.dmp
2013-07-14 10:30 - 2013-07-14 10:30 - 00283832 _____ C:\Windows\Minidump\071413-778616-01.dmp
2013-07-14 10:15 - 2013-07-14 10:15 - 00000000 __SHD C:\found.000
2013-07-13 17:31 - 2013-07-13 17:31 - 00283832 _____ C:\Windows\Minidump\071313-769428-01.dmp
2013-07-12 19:47 - 2013-07-12 19:47 - 00000000 _____ C:\Windows\System32\SBRC.dat
2013-07-10 17:20 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 17:20 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 17:20 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 17:20 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 17:20 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 17:20 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 17:20 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 17:20 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 17:20 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 17:20 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 17:20 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 17:20 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 17:20 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 17:20 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 17:20 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 17:20 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 17:20 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 17:20 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 17:20 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 17:20 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 17:20 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 17:20 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 16:13 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 16:13 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 16:13 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 16:13 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 16:13 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 16:13 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 16:13 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 16:02 - 2013-07-09 16:02 - 00000000 ____D C:\ASUS WebStorage
2013-07-07 18:32 - 2013-07-07 18:33 - 00276008 _____ C:\Windows\Minidump\070713-726044-01.dmp
2013-07-01 20:03 - 2013-07-01 20:04 - 00276008 _____ C:\Windows\Minidump\070113-771284-01.dmp
2013-06-30 17:26 - 2013-06-30 17:27 - 00276008 _____ C:\Windows\Minidump\063013-760629-01.dmp
2013-06-30 16:29 - 2013-06-30 16:29 - 00000000 _____ C:\Windows\Minidump\063013-662224-01.dmp
2013-06-30 15:49 - 2013-06-30 15:49 - 00276064 _____ C:\Windows\Minidump\063013-759709-01.dmp
2013-06-30 14:40 - 2013-07-02 15:19 - 00005695 _____ C:\StartUpManager_scandataINPUT.xml
2013-06-30 14:40 - 2013-07-02 15:19 - 00003012 _____ C:\StartUpManager_scandataOUTPUT.xml
2013-06-30 10:39 - 2013-06-30 10:39 - 00283776 _____ C:\Windows\Minidump\063013-848255-01.dmp
2013-06-29 19:56 - 2013-06-29 19:56 - 00003162 _____ C:\Windows\System32\Tasks\IHUninstallTrackingTASK
2013-06-29 17:14 - 2013-06-29 17:14 - 05616264 _____ (Lavasoft Limited) C:\Users\Tina\Downloads\Adaware_Installer(1).exe
2013-06-28 21:19 - 2013-07-16 12:39 - 00003108 _____ C:\Windows\System32\Tasks\ASO-System Protector_startup
2013-06-28 20:02 - 2013-06-28 20:02 - 00003096 _____ C:\Windows\System32\Tasks\ASUSControlDeck
2013-06-28 20:02 - 2013-06-28 20:02 - 00002595 _____ C:\Users\Public\Desktop\ControlDeck.lnk
2013-06-28 20:01 - 2013-06-28 20:01 - 01882472 _____ C:\Users\Tina\Downloads\ControlDeck_WIN7_32_64_z106.zip
2013-06-28 19:53 - 2013-06-28 19:53 - 00641991 _____ C:\Users\Tina\Downloads\WLAN_AW-NE785_WIN7_32_Z800316.zip
2013-06-28 19:27 - 2013-06-30 02:55 - 00000000 ____D C:\Users\Tina\AppData\Local\LogMeIn Rescue Applet
2013-06-26 03:04 - 2013-06-26 03:04 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-06-26 03:04 - 2013-06-26 03:04 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2013-06-26 03:04 - 2013-06-26 03:04 - 00000000 ____D C:\Program Files\Synaptics
2013-06-26 03:03 - 2013-06-29 05:28 - 00016640 _____ C:\Windows\DPINST.LOG
2013-06-26 03:03 - 2013-06-29 05:28 - 00001368 _____ C:\Windows\Synaptics.log
2013-06-26 03:03 - 2013-05-07 13:41 - 00819440 _____ (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2013-06-26 03:03 - 2013-05-07 13:41 - 00524016 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2013-06-26 03:03 - 2013-05-07 13:41 - 00351984 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2013-06-26 03:03 - 2013-05-07 13:41 - 00264432 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2013-06-26 03:03 - 2013-05-07 13:41 - 00192240 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPCo19.dll
2013-06-26 03:03 - 2013-05-07 13:41 - 00151280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2013-06-26 03:03 - 2013-05-07 13:41 - 00033008 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\Smb_driver_Intel.sys
2013-06-25 19:02 - 2013-07-11 07:40 - 00001652 _____ C:\Windows\System32\ASOROSet.bin
2013-06-25 18:34 - 2013-06-25 18:34 - 00000000 ____D C:\Windows\Repair
2013-06-25 18:24 - 2013-06-28 21:19 - 00000000 ____D C:\Users\Tina\AppData\Roaming\Systweak
2013-06-25 18:21 - 2013-07-11 08:03 - 00000428 _____ C:\Windows\Tasks\ASO-OneClickCare.job
2013-06-25 18:21 - 2013-07-09 18:34 - 00000458 _____ C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job
2013-06-25 18:21 - 2013-06-25 18:34 - 00003328 _____ C:\Windows\System32\Tasks\ASO-AutoCheckUpdate7Days
2013-06-25 18:21 - 2013-06-25 18:21 - 00003302 _____ C:\Windows\System32\Tasks\ASO-OneClickCare
2013-06-25 18:21 - 2013-06-25 18:21 - 00002294 _____ C:\Users\Public\Desktop\Smart PC Care.lnk
2013-06-25 18:21 - 2013-06-25 18:21 - 00002262 _____ C:\Users\Public\Desktop\Advanced System Optimizer.lnk
2013-06-25 18:21 - 2013-03-05 13:55 - 00019752 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2013-06-25 18:21 - 2008-11-20 21:08 - 00016896 _____ C:\Windows\System32\sasnative64.exe
2013-06-25 18:20 - 2013-06-26 01:30 - 00000000 ____D C:\ProgramData\Systweak
2013-06-25 18:20 - 2013-06-25 18:26 - 00000000 ____D C:\Program Files (x86)\Advanced System Optimizer 3
2013-06-25 18:18 - 2013-06-25 18:19 - 14915960 _____ (Systweak Software                                           ) C:\Users\Tina\Downloads\aso3setup_ttr.exe
2013-06-25 18:08 - 2013-07-16 17:12 - 00006532 _____ C:\Windows\setupact.log
2013-06-25 18:08 - 2013-06-25 18:08 - 00000000 _____ C:\Windows\setuperr.log
2013-06-25 18:04 - 2013-07-11 07:59 - 00016566 _____ C:\Windows\PFRO.log
2013-06-25 17:48 - 2013-06-25 18:22 - 00000137 _____ C:\Users\Tina\Documents\PC Fix.txt
2013-06-25 17:30 - 2013-06-25 17:30 - 00000000 ____D C:\Users\Tina\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-25 17:29 - 2013-06-25 17:26 - 21840856 _____ (Mozilla) C:\Users\Tina\Downloads\FirefoxSetup.exe
2013-06-17 18:09 - 2013-06-17 18:09 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar

==================== One Month Modified Files and Folders =======

2013-07-16 20:35 - 2013-07-16 20:35 - 00000000 ____D C:\FRST
2013-07-16 17:26 - 2010-01-15 23:34 - 01579609 _____ C:\Windows\WindowsUpdate.log
2013-07-16 17:15 - 2013-07-16 17:15 - 01778253 _____ (Farbar) C:\Users\Tina\Downloads\FRST64.exe
2013-07-16 17:15 - 2009-07-13 21:13 - 00730532 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-16 17:12 - 2013-06-25 18:08 - 00006532 _____ C:\Windows\setupact.log
2013-07-16 16:52 - 2013-04-11 14:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 16:51 - 2013-07-16 16:51 - 00014070 _____ C:\Users\Tina\Downloads\hijackthis.log
2013-07-16 16:49 - 2013-07-16 16:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tina\Downloads\HijackThis.exe
2013-07-16 16:49 - 2013-06-01 16:47 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-07-16 16:46 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 16:46 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 16:41 - 2012-08-20 17:56 - 00001830 _____ C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-16 15:55 - 2013-05-10 17:13 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001UA.job
2013-07-16 15:32 - 2013-01-27 17:23 - 00000412 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
2013-07-16 15:32 - 2013-01-27 17:23 - 00000412 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-07-16 15:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 15:31 - 2009-07-13 21:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-16 14:01 - 2013-07-16 14:01 - 13475464 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\mseinstall.exe
2013-07-16 13:46 - 2013-07-16 13:44 - 87960848 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\msert(2).exe
2013-07-16 13:40 - 2013-07-16 13:38 - 87960848 _____ (Microsoft Corporation) C:\Users\Tina\Downloads\msert.exe
2013-07-16 13:38 - 2013-07-16 13:38 - 01048576 _____ C:\Users\Tina\Downloads\msert(1).exe
2013-07-16 12:55 - 2013-05-10 17:13 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001Core.job
2013-07-16 12:39 - 2013-06-28 21:19 - 00003108 _____ C:\Windows\System32\Tasks\ASO-System Protector_startup
2013-07-16 07:14 - 2010-07-26 18:05 - 00000000 ____D C:\Program Files (x86)\ATT
2013-07-15 14:45 - 2013-03-28 18:39 - 00001870 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-15 14:42 - 2013-07-15 14:42 - 00276008 _____ C:\Windows\Minidump\071513-764950-01.dmp
2013-07-15 14:42 - 2010-06-23 12:16 - 00000000 ____D C:\Windows\Minidump
2013-07-15 12:50 - 2013-05-10 17:13 - 00003898 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001UA
2013-07-15 12:50 - 2013-05-10 17:13 - 00003530 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001Core
2013-07-15 11:37 - 2010-01-16 00:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-14 21:12 - 2010-06-05 06:55 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{774CCC11-FDA9-41BD-8095-21AEC4308656}
2013-07-14 12:19 - 2012-07-26 15:49 - 00001350 _____ C:\Users\Tina\Desktop\ROBLOX Player.lnk
2013-07-14 11:46 - 2013-07-14 11:44 - 00276008 _____ C:\Windows\Minidump\071413-865212-01.dmp
2013-07-14 10:30 - 2013-07-14 10:30 - 00283832 _____ C:\Windows\Minidump\071413-778616-01.dmp
2013-07-14 10:15 - 2013-07-14 10:15 - 00000000 __SHD C:\found.000
2013-07-13 17:31 - 2013-07-13 17:31 - 00283832 _____ C:\Windows\Minidump\071313-769428-01.dmp
2013-07-12 19:47 - 2013-07-12 19:47 - 00000000 _____ C:\Windows\System32\SBRC.dat
2013-07-11 15:52 - 2010-05-24 16:10 - 00000000 ____D C:\users\Tina
2013-07-11 08:04 - 2009-07-13 20:45 - 00517432 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 08:03 - 2013-06-25 18:21 - 00000428 _____ C:\Windows\Tasks\ASO-OneClickCare.job
2013-07-11 08:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 07:59 - 2013-06-25 18:04 - 00016566 _____ C:\Windows\PFRO.log
2013-07-11 07:45 - 2009-07-13 18:34 - 92798976 _____ C:\Windows\System32\config\SOFTWARE.bak
2013-07-11 07:45 - 2009-07-13 18:34 - 22806528 _____ C:\Windows\System32\config\SYSTEM.bak
2013-07-11 07:45 - 2009-07-13 18:34 - 00028672 _____ C:\Windows\System32\config\SECURITY.bak
2013-07-11 07:40 - 2013-06-25 19:02 - 00001652 _____ C:\Windows\System32\ASOROSet.bin
2013-07-11 07:21 - 2009-07-13 18:34 - 00094208 _____ C:\Windows\System32\config\SAM.bak
2013-07-10 17:37 - 2013-02-28 16:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-10 17:22 - 2010-05-25 13:46 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 17:22 - 2010-01-15 23:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 17:11 - 2013-03-13 13:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 17:11 - 2013-03-13 13:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 18:34 - 2013-06-25 18:21 - 00000458 _____ C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job
2013-07-09 16:02 - 2013-07-09 16:02 - 00000000 ____D C:\ASUS WebStorage
2013-07-07 18:33 - 2013-07-07 18:32 - 00276008 _____ C:\Windows\Minidump\070713-726044-01.dmp
2013-07-02 15:19 - 2013-06-30 14:40 - 00005695 _____ C:\StartUpManager_scandataINPUT.xml
2013-07-02 15:19 - 2013-06-30 14:40 - 00003012 _____ C:\StartUpManager_scandataOUTPUT.xml
2013-07-01 20:04 - 2013-07-01 20:03 - 00276008 _____ C:\Windows\Minidump\070113-771284-01.dmp
2013-07-01 19:17 - 2013-06-10 09:26 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-07-01 19:11 - 2013-03-28 18:38 - 00000000 ____D C:\ProgramData\Search Protection
2013-07-01 19:10 - 2013-03-28 18:37 - 00000000 ____D C:\Users\Tina\AppData\Roaming\Ad-Aware Antivirus
2013-06-30 17:27 - 2013-06-30 17:26 - 00276008 _____ C:\Windows\Minidump\063013-760629-01.dmp
2013-06-30 16:29 - 2013-06-30 16:29 - 00000000 _____ C:\Windows\Minidump\063013-662224-01.dmp
2013-06-30 15:49 - 2013-06-30 15:49 - 00276064 _____ C:\Windows\Minidump\063013-759709-01.dmp
2013-06-30 10:39 - 2013-06-30 10:39 - 00283776 _____ C:\Windows\Minidump\063013-848255-01.dmp
2013-06-30 02:55 - 2013-06-28 19:27 - 00000000 ____D C:\Users\Tina\AppData\Local\LogMeIn Rescue Applet
2013-06-29 19:56 - 2013-06-29 19:56 - 00003162 _____ C:\Windows\System32\Tasks\IHUninstallTrackingTASK
2013-06-29 19:56 - 2010-07-26 17:38 - 00000000 ____D C:\Program Files\Common Files\Motive
2013-06-29 19:56 - 2010-01-16 00:30 - 00004245 _____ C:\Windows\System32\ServiceFilter.ini
2013-06-29 17:14 - 2013-06-29 17:14 - 05616264 _____ (Lavasoft Limited) C:\Users\Tina\Downloads\Adaware_Installer(1).exe
2013-06-29 05:28 - 2013-06-26 03:03 - 00016640 _____ C:\Windows\DPINST.LOG
2013-06-29 05:28 - 2013-06-26 03:03 - 00001368 _____ C:\Windows\Synaptics.log
2013-06-29 05:24 - 2013-01-27 17:13 - 00000000 ____D C:\Users\Tina\AppData\Roaming\Qwiklinx
2013-06-28 21:19 - 2013-06-25 18:24 - 00000000 ____D C:\Users\Tina\AppData\Roaming\Systweak
2013-06-28 20:02 - 2013-06-28 20:02 - 00003096 _____ C:\Windows\System32\Tasks\ASUSControlDeck
2013-06-28 20:02 - 2013-06-28 20:02 - 00002595 _____ C:\Users\Public\Desktop\ControlDeck.lnk
2013-06-28 20:01 - 2013-06-28 20:01 - 01882472 _____ C:\Users\Tina\Downloads\ControlDeck_WIN7_32_64_z106.zip
2013-06-28 19:59 - 2010-03-22 11:23 - 00305720 _____ (ASUSTek COMPUTER INC.) C:\Users\Tina\Desktop\PNPINST.exe
2013-06-28 19:59 - 2010-03-22 11:23 - 00000198 _____ C:\Users\Tina\Desktop\2KSETUP.INI
2013-06-28 19:59 - 2010-03-09 17:25 - 00053352 _____ C:\Users\Tina\Desktop\athrext.cat
2013-06-28 19:59 - 2010-03-02 13:43 - 01263104 _____ (Atheros Communications, Inc.) C:\Users\Tina\Desktop\athr.sys
2013-06-28 19:53 - 2013-06-28 19:53 - 00641991 _____ C:\Users\Tina\Downloads\WLAN_AW-NE785_WIN7_32_Z800316.zip
2013-06-26 14:30 - 2010-01-28 17:22 - 00000000 ____D C:\Users\Tina\AppData\Local\Microsoft Games
2013-06-26 12:39 - 2013-06-05 11:54 - 00000000 ____D C:\Users\Tina\Documents\ASUS
2013-06-26 03:04 - 2013-06-26 03:04 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-06-26 03:04 - 2013-06-26 03:04 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2013-06-26 03:04 - 2013-06-26 03:04 - 00000000 ____D C:\Program Files\Synaptics
2013-06-26 01:30 - 2013-06-25 18:20 - 00000000 ____D C:\ProgramData\Systweak
2013-06-26 01:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 19:44 - 2010-01-16 00:30 - 00002846 _____ C:\Windows\System32\AutoRunFilter.ini
2013-06-25 18:34 - 2013-06-25 18:34 - 00000000 ____D C:\Windows\Repair
2013-06-25 18:34 - 2013-06-25 18:21 - 00003328 _____ C:\Windows\System32\Tasks\ASO-AutoCheckUpdate7Days
2013-06-25 18:26 - 2013-06-25 18:20 - 00000000 ____D C:\Program Files (x86)\Advanced System Optimizer 3
2013-06-25 18:22 - 2013-06-25 17:48 - 00000137 _____ C:\Users\Tina\Documents\PC Fix.txt
2013-06-25 18:21 - 2013-06-25 18:21 - 00003302 _____ C:\Windows\System32\Tasks\ASO-OneClickCare
2013-06-25 18:21 - 2013-06-25 18:21 - 00002294 _____ C:\Users\Public\Desktop\Smart PC Care.lnk
2013-06-25 18:21 - 2013-06-25 18:21 - 00002262 _____ C:\Users\Public\Desktop\Advanced System Optimizer.lnk
2013-06-25 18:19 - 2013-06-25 18:18 - 14915960 _____ (Systweak Software                                           ) C:\Users\Tina\Downloads\aso3setup_ttr.exe
2013-06-25 18:08 - 2013-06-25 18:08 - 00000000 _____ C:\Windows\setuperr.log
2013-06-25 18:04 - 2012-05-03 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-25 17:30 - 2013-06-25 17:30 - 00000000 ____D C:\Users\Tina\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-25 17:30 - 2011-06-27 09:17 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 17:26 - 2013-06-25 17:29 - 21840856 _____ (Mozilla) C:\Users\Tina\Downloads\FirefoxSetup.exe
2013-06-25 17:24 - 2013-06-01 16:47 - 00000000 ____D C:\Users\Tina\AppData\Local\FileTypeAssistant
2013-06-25 10:54 - 2010-06-20 12:58 - 00000000 ____D C:\Program Files\McAfee
2013-06-17 18:09 - 2013-06-17 18:09 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-06-17 18:09 - 2011-01-27 16:03 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3948.54 MB
Available physical RAM: 3340.41 MB
Total Pagefile: 3946.69 MB
Available Pagefile: 3335.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:16.78 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:208.92 GB) (Free:208.88 GB) NTFS (Disk=0 Partition=3)
Drive f: (TRAVELDRIVE) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=209 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 246 MB) (Disk ID: C0A48203)
Partition 1: (Active) - (Size=246 MB) - (Type=0E)


LastRegBack: 2013-07-12 22:47

==================== End Of Log ============================

 



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 17 July 2013 - 08:13 AM

Download the enclosed file. [attachment=139941:fixlist.txt]

 

Save it next to FRST.

 

Run FRST as you did before, except that his time around, click on the Fix button and wait.

 

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.
 

Boot in Normal Mode.  If successful, follow these steps:

 

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

AdwCleaner.GIF

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

 

bf_new.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
 

 

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 17 July 2013 - 06:18 PM

OK, I did everything you advised...

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-07-2013 03
Ran by SYSTEM at 2013-07-17 16:40:19 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

HKU\Mcx1-TINA-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

==== End of Fixlog ====

 

 

 

 

 

 

 

 

 

AdwCleaner[S1].txt

 

 

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 17:16:12
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tina - TINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Tina\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\searchplugins\search-here.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Qwiklinx
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Tina\AppData\Local\Conduit
Folder Deleted : C:\Users\Tina\AppData\Local\Giant Savings Extension
Folder Deleted : C:\Users\Tina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tina\AppData\LocalLow\delta
Folder Deleted : C:\Users\Tina\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Tina\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Tina\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Tina\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\ConduitCommon
Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\CT2559647
Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\jetpack
Folder Deleted : C:\Users\Tina\AppData\Roaming\Qwiklinx
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\f55dbd9e06ebf42
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\f55dbd9e06ebf42
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06E58E5E-F8CB-4049-991E-A41C03BD419E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\prefs.js

C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\user.js ... Deleted !

Deleted : user_pref("CT2559647..clientLogIsEnabled", false);
Deleted : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2559647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2559647.AppTrackingLastCheckTime", "Wed Apr 18 2012 21:16:54 GMT-0500 (Central Daylight[...]
Deleted : user_pref("CT2559647.CTID", "CT2559647");
Deleted : user_pref("CT2559647.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2559647.CurrentServerDate", "17-7-2013");
Deleted : user_pref("CT2559647.DSChangedManually", false);
Deleted : user_pref("CT2559647.DSProtectChoice", true);
Deleted : user_pref("CT2559647.DSProtectCount", 1);
Deleted : user_pref("CT2559647.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2559647.DialogsGetterLastCheckTime", "Tue Jul 16 2013 19:06:37 GMT-0500 (Central Standa[...]
Deleted : user_pref("CT2559647.DownloadReferralCookieData", "");
Deleted : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Wed Feb 29 2012 19:29:26 GMT-060[...]
Deleted : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Wed Feb 29 2012 19:29:26 GMT-060[...]
Deleted : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Wed Feb 29 2012 19:29:26 GMT-060[...]
Deleted : user_pref("CT2559647.FirstServerDate", "16-10-2011");
Deleted : user_pref("CT2559647.FirstTime", true);
Deleted : user_pref("CT2559647.FirstTimeFF3", true);
Deleted : user_pref("CT2559647.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2559647.GroupingInvalidateCache", false);
Deleted : user_pref("CT2559647.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2559647.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2559647.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2559647.HasUserGlobalKeys", true);
Deleted : user_pref("CT2559647.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2559647.HomepageBeforeUnload", "about:home");
Deleted : user_pref("CT2559647.Initialize", true);
Deleted : user_pref("CT2559647.InitializeCommonPrefs", true);
Deleted : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2559647.InstallationId", "CT2559647_Coupons.exe");
Deleted : user_pref("CT2559647.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2559647.InstalledDate", "Sat Oct 15 2011 19:48:21 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2559647.InvalidateCache", false);
Deleted : user_pref("CT2559647.IsAlertDBUpdated", true);
Deleted : user_pref("CT2559647.IsGrouping", false);
Deleted : user_pref("CT2559647.IsInitSetupIni", true);
Deleted : user_pref("CT2559647.IsMulticommunity", false);
Deleted : user_pref("CT2559647.IsOpenThankYouPage", false);
Deleted : user_pref("CT2559647.IsOpenUninstallPage", true);
Deleted : user_pref("CT2559647.IsProtectorsInit", true);
Deleted : user_pref("CT2559647.LanguagePackLastCheckTime", "Sat Jun 29 2013 08:36:48 GMT-0500 (Central Standar[...]
Deleted : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2559647.LastLogin_3.10.0.1", "Wed Apr 18 2012 21:14:43 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.12.0.7", "Wed Apr 25 2012 19:15:28 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.12.2.3", "Wed May 30 2012 20:04:45 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.13.0.6", "Wed Jul 18 2012 10:14:35 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.14.1.0", "Wed Aug 22 2012 19:48:52 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.15.1.0", "Thu Nov 08 2012 19:11:28 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.16.0.3", "Sun Feb 10 2013 15:03:25 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.18.0.7", "Sun Jul 14 2013 21:16:57 GMT-0500 (Central Standard Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.19.0.3", "Wed Jul 17 2013 15:59:42 GMT-0500 (Central Standard Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.5.1.1", "Sat Oct 15 2011 19:48:21 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2559647.LastLogin_3.8.0.8", "Sun Jan 08 2012 12:07:06 GMT-0600 (Central Standard Time)"[...]
Deleted : user_pref("CT2559647.LastLogin_3.9.0.3", "Sat Apr 14 2012 11:01:04 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2559647.LatestVersion", "3.19.0.3");
Deleted : user_pref("CT2559647.Locale", "en");
Deleted : user_pref("CT2559647.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2559647.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2559647.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2559647.OriginalFirstVersion", "3.5.1.1");
Deleted : user_pref("CT2559647.RadioLastCheckTime", "0");
Deleted : user_pref("CT2559647.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2559647.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2559647.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2559647.SearchEngineBeforeUnload", "Coupons.com Customized Web Search");
Deleted : user_pref("CT2559647.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Deleted : user_pref("CT2559647.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Wed Jul 17 2013 15:59:41 GMT-0500 (Central Stand[...]
Deleted : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2559647.SearchProtectorEnabled", true);
Deleted : user_pref("CT2559647.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2559647.ServiceMapLastCheckTime", "Wed Jul 17 2013 15:59:42 GMT-0500 (Central Standard [...]
Deleted : user_pref("CT2559647.SettingsLastCheckTime", "Wed Jul 17 2013 15:59:40 GMT-0500 (Central Standard Ti[...]
Deleted : user_pref("CT2559647.SettingsLastUpdate", "1374046324");
Deleted : user_pref("CT2559647.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Sat Apr 14 2012 11:01:02 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2559647.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647");
Deleted : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2559647.UserID", "UN50061229223135587");
Deleted : user_pref("CT2559647.ValidationData_Search", 2);
Deleted : user_pref("CT2559647.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2559647.alertChannelId", "952537");
Deleted : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Sat Apr 14 2012 11:01:05 GMT-0500 (Central [...]
Deleted : user_pref("CT2559647.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2559647.initDone", true);
Deleted : user_pref("CT2559647.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2559647.myStuffEnabled", true);
Deleted : user_pref("CT2559647.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2559647.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,111,129732450647667807,100[...]
Deleted : user_pref("CT2559647.revertSettingsEnabled", false);
Deleted : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2559647.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2559647.testingCtid", "");
Deleted : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Wed Jul 17 2013 15:59:45 GMT-0500 (Central S[...]
Deleted : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Sat Apr 14 2012 11:01:04 GMT-0500 (Central D[...]
Deleted : user_pref("CT2559647.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Coupons.com Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/952537/948310/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2559647", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2559647",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2559647&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"5b0[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Tina\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2559647");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2559647");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2559647");
Deleted : user_pref("CommunityToolbar.globalUserId", "6d5d0116-b18a-40c3-97bc-423a184f3007");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2559647");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 14 2012 11:01:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Apr 14 2012 11:01:11 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Apr 14 2012 11:01:03 GMT-0500 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "0836ec2c-c330-4fca-9b25-5b32046a88e2");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "Coupons.com Customized Web Search");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119351&babsrc[...]
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.id", "dc50dbc30000000000002225d3cccb6e");
Deleted : user_pref("extensions.delta.instlDay", "15752");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.09:04:06");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1350653433443");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10678");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "9B0A0E2BDF203BE4BC5B1199591FDAD7");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "dc50dbc30000000000000625d3cccb6e");
Deleted : user_pref("extensions.incredibar.id", "dc50dbc30000000000000625d3cccb6e");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15629");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15629");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", true);
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1418:05:17");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "111");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQMQIbZFq&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQMQIbZFq&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQMQIbZFq");
Deleted : user_pref("extensions.incredibar.upn2n", "92543763325166564");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1418:05:17");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1418:05:17");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10678");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "dc50dbc30000000000000625d3cccb6e");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15629");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "111");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQMQIbZFq&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQMQIbZFq");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543763325166564");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:05:17");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Amazon");
Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [34372 octets] - [17/07/2013 17:16:12]

########## EOF - C:\AdwCleaner[S1].txt - [34433 octets] ##########
 

 

 

 

 

 

mbam-log

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Tina :: TINA-PC [administrator]

7/17/2013 6:01:07 PM
mbam-log-2013-07-17 (18-01-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247812
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKCR\batfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and repaired successfully.
HKCR\comfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and repaired successfully.
HKCR\piffile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and repaired successfully.
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Edited by thisisu, 17 July 2013 - 06:55 PM.
JRT code removed - JRT.txt was not pasted


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 17 July 2013 - 07:31 PM

Please run the Junkware Removal Tool once again. The file association was incorrect and Malwarebytes corrected it.

 

Download OTL  to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • OTL should now start. Change the following settings
    • Change Drivers to All

    • Change Standard Registry to All

    • Under File Scans, change File age to 30


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.

    • Please post  the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.


 

 

 

 

 

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 17 July 2013 - 08:32 PM

OK, I ran the Junkware Removal Tool again...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.5 (07.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by Tina on Wed 07/17/2013 at 19:55:16.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67BF5911-2715-4C58-AA83-EBAB6E773366}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96F8FD76-7EDE-43FA-8253-4F34E704F75F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AE2D32D1-0D2A-49A3-8263-6CA9C04E757A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Tina\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Tina\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Tina\appdata\local\strongvault"
Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100884.rs"
Successfully deleted: [Folder] "C:\ai_recyclebin"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\33q9h039.default\jetpack
Successfully deleted: [Folder] C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\33q9h039.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted the following from C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\33q9h039.default\prefs.js

user_pref("browser.search.defaulturl", "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=25A37DDDAE1C802F4EBE745154FE92E1");
user_pref("browser.search.selectedEngine", "SecureSearch");
user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\
user_pref("extensions.crossrider.bic", "13a70bfca910fd0a609805acca4a7c45");
user_pref("extensions.defaulttab.browserID", "68B4968EE010724970675D8B334CA908");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "2.0");
user_pref("extensions.defaulttab.lastUsed", 1365134066);
user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012101418");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm017YYus");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "FE7BA80A-6997-4DB3-AB57-574E4D5C2451");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1350258903195");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Emptied folder: C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\33q9h039.default\minidumps [19 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/17/2013 at 20:07:41.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Then, I ran OTL...

 

I attached Extras.Txt to this reply.

 

Below is OTL.txt

 

OTL logfile created on: 7/17/2013 8:12:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 66.23% Memory free
7.71 Gb Paging File | 5.62 Gb Available in Paging File | 72.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 17.83 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 208.88 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive F: | 245.84 Mb Total Space | 244.10 Mb Free Space | 99.29% Space Free | Partition Type: FAT
 
Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/17 20:11:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
PRC - [2013/07/15 15:50:08 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 11:48:08 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\node.exe
PRC - [2013/05/08 11:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/03/02 19:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2013/02/05 10:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2010/02/08 11:04:04 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/01/16 03:30:27 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/11/12 13:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/09 22:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 17:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 23:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/26 13:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/08/19 23:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/18 18:59:10 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009/05/18 18:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/11 11:12:56 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll
MOD - [2013/07/11 11:07:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 11:07:19 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
MOD - [2013/07/11 11:07:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/11 11:07:00 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 11:06:58 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
MOD - [2013/07/11 11:06:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/11 11:06:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 11:06:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 11:06:40 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 11:06:31 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/02 16:51:50 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/02/02 16:51:32 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/02 16:51:24 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/02 16:51:14 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010/02/02 16:51:10 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2009/11/12 13:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 17:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 17:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/02 21:18:16 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/11/18 00:45:39 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/17 14:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2013/06/18 09:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/11 14:52:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 11:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/03/05 16:55:06 | 000,264,488 | ---- | M] (Systweak Software, (www.systweak.com)) [Auto | Running] -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe -- (ASO3DiskOptimizer)
SRV - [2013/03/02 19:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/14 04:16:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Tina\AppData\Local\Temp\7zS1596\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 22:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (All) ==========
 
DRV:64bit: - [2013/05/08 01:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2013/05/08 01:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2013/05/07 16:41:50 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/07 16:41:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/05/07 10:54:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2013/05/07 10:54:20 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2013/04/26 11:40:22 | 000,176,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2013/04/12 09:45:08 | 001,656,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs)
DRV:64bit: - [2013/04/10 01:01:53 | 000,983,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2013/03/28 21:37:13 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/01/24 01:01:01 | 000,223,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2012/12/03 15:52:28 | 003,831,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/03 11:07:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2012/08/24 13:13:17 | 000,154,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2012/08/24 13:09:34 | 000,458,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/22 13:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2012/07/25 23:55:47 | 000,785,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2012/07/25 21:26:45 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2012/07/25 21:26:06 | 000,198,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/02 00:48:16 | 000,095,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2012/04/27 22:55:21 | 000,210,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpwd.sys -- (RDPWD)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/17 02:58:57 | 000,075,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 23:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2011/07/08 21:46:28 | 000,288,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2011/04/28 22:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:64bit: - [2011/04/28 22:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2011/04/28 22:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2011/04/26 21:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2011/04/26 21:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2011/03/24 22:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2011/03/24 22:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2011/03/24 22:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2011/03/24 22:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2011/03/11 01:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 23:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2011/02/22 23:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2010/11/20 08:34:01 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2010/11/20 08:34:01 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2010/11/20 08:34:00 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010/11/20 08:33:57 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2010/11/20 08:33:54 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2010/11/20 08:33:53 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010/11/20 08:33:48 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2010/11/20 08:33:45 | 000,366,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)
DRV:64bit: - [2010/11/20 08:33:45 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2010/11/20 08:33:44 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2010/11/20 08:33:44 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2010/11/20 08:33:44 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2010/11/20 08:33:43 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2010/11/20 08:33:36 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:33:34 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2010/11/20 08:32:46 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2010/11/20 06:04:09 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2010/11/20 05:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2010/11/20 05:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2010/11/20 05:52:35 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2010/11/20 05:52:34 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2010/11/20 05:52:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2010/11/20 05:52:20 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2010/11/20 05:52:20 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy)
DRV:64bit: - [2010/11/20 05:52:19 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2010/11/20 05:51:50 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2010/11/20 05:50:08 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2010/11/20 05:44:56 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010/11/20 05:44:37 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2010/11/20 05:44:34 | 000,184,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2010/11/20 05:44:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2010/11/20 05:43:56 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2010/11/20 05:43:52 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio)
DRV:64bit: - [2010/11/20 05:43:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2010/11/20 05:43:43 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)
DRV:64bit: - [2010/11/20 05:34:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010/11/20 05:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2010/11/20 05:33:17 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010/11/20 05:32:44 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Prt.sys -- (Dot4Print)
DRV:64bit: - [2010/11/20 05:14:37 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010/11/20 05:09:59 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010/11/20 05:04:53 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 04:30:42 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010/11/20 04:27:54 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2010/11/20 04:26:42 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2010/11/20 04:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2010/11/20 04:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 04:25:14 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:64bit: - [2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2010/11/20 04:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2010/09/07 17:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010/01/16 03:30:03 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/11/18 01:21:19 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/29 21:50:03 | 000,704,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/15 04:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/09/29 20:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/14 01:36:01 | 000,102,000 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2009/08/06 16:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS)
DRV:64bit: - [2009/07/13 20:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009/07/13 20:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 20:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 20:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 20:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 20:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 20:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)
DRV:64bit: - [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009/07/13 20:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009/07/13 20:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009/07/13 20:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009/07/13 20:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009/07/13 20:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009/07/13 20:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)
DRV:64bit: - [2009/07/13 20:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 20:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 20:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 20:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 20:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009/07/13 20:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 20:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 20:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009/07/13 20:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009/07/13 20:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 20:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009/07/13 20:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009/07/13 20:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV:64bit: - [2009/07/13 20:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 20:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 20:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 20:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV:64bit: - [2009/07/13 20:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)
DRV:64bit: - [2009/07/13 20:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2009/07/13 20:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spldr.sys -- (spldr)
DRV:64bit: - [2009/07/13 20:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 20:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009/07/13 20:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 20:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 20:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009/07/13 20:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 20:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 20:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009/07/13 20:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid)
DRV:64bit: - [2009/07/13 20:01:48 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (BridgeMP)
DRV:64bit: - [2009/07/13 20:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/13 19:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/13 19:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 19:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 19:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/13 19:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/13 19:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/13 19:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 19:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/13 19:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/13 19:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/13 19:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/13 19:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/13 19:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/13 19:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/13 19:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/13 19:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/13 19:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 19:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/13 19:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/13 19:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/13 19:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/13 19:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/13 19:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 19:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009/07/13 19:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/13 19:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 19:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 19:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/13 19:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/13 19:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 19:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394)
DRV:64bit: - [2009/07/13 19:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)
DRV:64bit: - [2009/07/13 19:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/13 19:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 19:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/13 19:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/13 19:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 19:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/13 19:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/13 19:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/13 19:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/13 19:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/13 19:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/13 19:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009/07/13 19:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009/07/13 19:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/13 19:00:20 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4usb.sys -- (dot4usb)
DRV:64bit: - [2009/07/13 19:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/13 19:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/13 19:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/13 19:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/13 19:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/13 19:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/13 19:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/13 19:00:16 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4.sys -- (Dot4)
DRV:64bit: - [2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 18:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/13 18:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/13 18:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/13 18:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 18:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/13 18:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 18:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/13 18:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 18:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/13 18:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/13 18:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/13 18:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:64bit: - [2009/07/13 18:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:64bit: - [2009/07/13 18:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/13 18:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:64bit: - [2009/07/13 18:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/13 18:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:64bit: - [2009/07/13 18:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)
DRV:64bit: - [2009/07/13 18:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/13 18:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/13 18:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/13 18:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009/06/19 17:38:26 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/18 15:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 15:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 15:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 15:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 15:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 15:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/12 20:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/12/02 20:26:20 | 000,051,248 | ---- | M] (Sonix) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST50220.sys -- (ST50220)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/05/07 10:54:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 18:40:52 | 000,082,416 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys -- (ntk_dtv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{346A0F70-9325-46D9-AE0C-B219407CD8A7}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130105,17118,0,18,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enUS511
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Tina\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Tina\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Tina\AppData\Local\Roblox\Versions\version-7bba248538754234\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin:  File not found
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Tina\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/25 21:04:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/10 20:37:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/03 17:59:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/12/13 15:49:22 | 000,000,000 | ---D | M]
 
[2011/05/21 18:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2011/05/22 15:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/07/17 20:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions
[2012/10/19 08:50:11 | 000,000,000 | ---D | M] (HDI V2) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions\Aatif@gmail.com
[2013/04/13 22:48:20 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions\firefoxextensions@keynote.com
[2013/04/13 22:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions\firefoxextensions@keynote.com\chrome
[2013/04/13 22:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions\firefoxextensions@keynote.com\components
[2013/04/13 22:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions\firefoxextensions@keynote.com\META-INF
[2013/05/12 08:47:30 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/07 01:19:30 | 000,002,835 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\searchplugins\amazon-distro.xml
[2013/06/28 20:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/25 20:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/25 20:30:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/25 21:04:39 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013/05/11 05:37:28 | 000,209,472 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
 
========== Chrome  ==========
 
CHR - homepage: http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=25A37DDDAE1C802F4EBE745154FE92E1
CHR - homepage: http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=25A37DDDAE1C802F4EBE745154FE92E1
 
O1 HOSTS File: ([2013/05/04 15:45:33 | 000,446,422 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 15355 more lines...
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Microsoft Pinyin IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2B7FCF5-5B1C-42E0-AC31-5645A8E00968}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/17 20:11:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2013/07/17 19:55:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/17 17:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 17:59:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/17 17:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/17 17:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/17 17:10:39 | 000,559,159 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Tina\Desktop\JRT.exe
[2013/07/16 23:35:55 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/14 13:15:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/07/10 20:20:37 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 20:20:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 20:20:35 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/10 20:20:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/10 20:20:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 20:20:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 20:20:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/10 20:20:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/10 20:20:35 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/10 20:20:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/10 20:20:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/10 20:20:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 20:20:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 20:20:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 20:20:32 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/09 19:13:57 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 19:13:55 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 19:13:53 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 19:13:53 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 19:13:21 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 19:02:17 | 000,000,000 | ---D | C] -- C:\ASUS WebStorage
[2013/07/09 19:00:51 | 000,000,000 | ---D | C] -- C:\Microsoft
[2013/06/28 23:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ControlDeck
[2013/06/28 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\LogMeIn Rescue Applet
[2013/06/26 06:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/06/26 06:03:21 | 000,524,016 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2013/06/26 06:03:21 | 000,264,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2013/06/26 06:03:21 | 000,192,240 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo19.dll
[2013/06/26 06:03:21 | 000,151,280 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCom.dll
[2013/06/26 06:03:20 | 000,819,440 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2013/06/26 06:03:20 | 000,351,984 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCom.dll
[2013/06/26 06:03:18 | 000,033,008 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2013/06/25 21:34:56 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2013/06/25 21:21:18 | 000,019,752 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/06/25 21:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Optimizer 3
[2013/06/25 21:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2013/06/25 20:30:04 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013/06/22 16:10:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2008/08/12 00:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\Tina\Documents\Me teen.
[2013/07/17 20:11:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2013/07/17 19:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 18:55:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001UA.job
[2013/07/17 17:59:58 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/17 17:59:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 17:59:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 17:55:08 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2013/07/17 17:53:11 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/07/17 17:50:22 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\Quick PC Booster64 startups.job
[2013/07/17 17:50:22 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/07/17 17:46:07 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/17 17:15:09 | 000,662,345 | ---- | M] () -- C:\Users\Tina\Desktop\AdwCleaner.exe
[2013/07/17 17:10:10 | 000,559,159 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Tina\Desktop\JRT.exe
[2013/07/17 15:55:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001Core.job
[2013/07/16 20:15:37 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/16 20:15:37 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/16 20:15:37 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/14 15:19:06 | 000,001,350 | ---- | M] () -- C:\Users\Tina\Desktop\ROBLOX Player.lnk
[2013/07/12 22:47:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2013/07/11 11:04:50 | 000,517,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 11:03:55 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\ASO-OneClickCare.job
[2013/07/11 10:40:37 | 000,001,652 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2013/07/09 21:34:06 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\ASO-AutoCheckUpdate7Days.job
[2013/07/02 18:19:26 | 000,003,012 | ---- | M] () -- C:\StartUpManager_scandataOUTPUT.xml
[2013/07/02 18:19:24 | 000,005,695 | ---- | M] () -- C:\StartUpManager_scandataINPUT.xml
[2013/06/29 22:56:30 | 000,004,245 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/06/28 23:02:22 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\ControlDeck.lnk
[2013/06/28 22:59:53 | 001,263,104 | ---- | M] (Atheros Communications, Inc.) -- C:\Users\Tina\Desktop\athr.sys
[2013/06/28 22:59:53 | 000,328,429 | ---- | M] () -- C:\Users\Tina\Desktop\netathr.inf
[2013/06/28 22:59:53 | 000,305,720 | ---- | M] (ASUSTek COMPUTER INC.) -- C:\Users\Tina\Desktop\PNPINST.exe
[2013/06/28 22:59:53 | 000,053,352 | ---- | M] () -- C:\Users\Tina\Desktop\athrext.cat
[2013/06/28 22:59:53 | 000,000,198 | ---- | M] () -- C:\Users\Tina\Desktop\2KSETUP.INI
[2013/06/26 06:04:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/06/26 06:04:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/06/25 22:44:13 | 000,002,846 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/06/25 21:21:16 | 000,002,294 | ---- | M] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
[2013/06/25 21:21:16 | 000,002,286 | ---- | M] () -- C:\Users\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2013/06/25 21:21:16 | 000,002,262 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
[2013/06/25 20:30:15 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Users\Tina\Documents\Me teen.
[2013/07/17 17:59:58 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/17 17:15:41 | 000,662,345 | ---- | C] () -- C:\Users\Tina\Desktop\AdwCleaner.exe
[2013/07/12 22:47:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2013/06/30 17:40:58 | 000,003,012 | ---- | C] () -- C:\StartUpManager_scandataOUTPUT.xml
[2013/06/30 17:40:57 | 000,005,695 | ---- | C] () -- C:\StartUpManager_scandataINPUT.xml
[2013/06/28 23:02:22 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\ControlDeck.lnk
[2013/06/26 06:04:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/06/26 06:04:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/06/25 22:02:35 | 000,001,652 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2013/06/25 21:21:44 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\ASO-AutoCheckUpdate7Days.job
[2013/06/25 21:21:44 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\ASO-OneClickCare.job
[2013/06/25 21:21:18 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/06/25 21:21:16 | 000,002,294 | ---- | C] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
[2013/06/25 21:21:16 | 000,002,286 | ---- | C] () -- C:\Users\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2013/06/25 21:21:16 | 000,002,262 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
[2013/06/10 12:32:00 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/29 09:00:55 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/01 12:30:14 | 000,208,102 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2012/08/01 12:30:14 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2012/06/18 18:54:59 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/06/18 18:54:59 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/01/30 21:24:40 | 000,000,000 | ---- | C] () -- C:\Users\Tina\defogger_reenable
[2011/11/29 21:56:00 | 000,000,000 | ---- | C] () -- C:\Users\Tina\AppData\Local\{1524F804-41BA-4630-8FDC-C6CA0808DB40}
[2010/12/14 10:11:28 | 000,065,536 | ---- | C] () -- C:\Users\Tina\AppData\Local\ie_runner_app.exe
[2010/05/28 17:02:55 | 000,013,312 | ---- | C] () -- C:\Users\Tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 11:36:50 | 000,003,510 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\wklnhst.dat
[2009/11/04 06:31:08 | 004,120,987 | -H-- | C] () -- C:\Users\Tina\AppData\Local\IconCache (1).db
[2009/11/04 00:26:16 | 000,078,696 | ---- | C] () -- C:\Users\Tina\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2009/11/04 00:25:49 | 001,835,008 | -HS- | C] () -- C:\Users\Tina\NTUSER (1).DAT
[2009/04/08 13:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:6EAE3ABC
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:EB603FE4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 

 



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 17 July 2013 - 08:52 PM

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

 

How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 18 July 2013 - 07:17 PM

I have tried running the ESET online scanner twice now;en  and both times, it gets to about 49% and then says that Windows has encountered a problem and restarts the computer.... ideas on that one?



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 18 July 2013 - 10:38 PM

Lets try Combofix.

Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.  
  • Please post the "C:\ComboFix.txt" .

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 19 July 2013 - 07:38 AM

OK, I did that.  I am posting the log below. 

 

 

 

ComboFix 13-07-18.04 - Tina 07/18/2013  23:14:18.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3949.2734 [GMT -5:00]
Running from: c:\users\Tina\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.9120.dll
c:\users\Tina\AppData\Local\assembly\tmp
c:\users\Tina\AppData\Local\ie_runner_app.exe
c:\users\Tina\AppData\Local\Temp\7zS1596\HPSLPSVC64.DLL
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
c:\windows\msvcr71.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ACPIService
-------\Service_pcCMService
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 04:31 . 2013-07-19 04:31    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-07-19 04:31 . 2013-07-19 04:31    --------    d-----w-    c:\users\Mcx1-TINA-PC\AppData\Local\temp
2013-07-19 04:31 . 2013-07-19 04:31    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-18 20:24 . 2013-07-18 20:24    --------    d-----w-    c:\programdata\Systweak
2013-07-18 20:22 . 2013-07-18 20:22    --------    d-----w-    c:\users\Tina\AppData\Roaming\Systweak
2013-07-18 00:55 . 2013-07-18 00:55    --------    d-----w-    c:\windows\ERUNT
2013-07-17 22:59 . 2013-07-17 23:00    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 22:59 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-17 04:35 . 2013-07-17 04:35    --------    d-----w-    C:\FRST
2013-07-14 18:15 . 2013-07-14 18:15    --------    d-----w-    C:\found.000
2013-07-10 00:14 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 00:14 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 00:14 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-10 00:14 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 00:14 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 00:14 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 00:14 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 00:13 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 00:13 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-10 00:13 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 00:13 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 00:13 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 00:13 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 00:13 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 00:13 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 00:13 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 00:13 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 00:13 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-10 00:13 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-10 00:02 . 2013-07-10 00:02    --------    d-----w-    C:\ASUS WebStorage
2013-07-10 00:00 . 2013-07-10 00:00    --------    d-----w-    C:\Microsoft
2013-06-29 04:02 . 2013-06-29 04:02    --------    d-----w-    c:\program files (x86)\Common Files\ControlDeck
2013-06-29 03:27 . 2013-06-30 10:55    --------    d-----w-    c:\users\Tina\AppData\Local\LogMeIn Rescue Applet
2013-06-26 11:04 . 2013-06-26 11:04    --------    d-----w-    c:\program files\Synaptics
2013-06-26 11:03 . 2013-05-07 21:41    524016    ----a-w-    c:\windows\system32\drivers\SynTP.sys
2013-06-26 11:03 . 2013-05-07 21:41    151280    ----a-w-    c:\windows\SysWow64\SynTPCom.dll
2013-06-26 11:03 . 2013-05-07 21:41    264432    ----a-w-    c:\windows\system32\SynTPAPI.dll
2013-06-26 11:03 . 2013-05-07 21:41    192240    ----a-w-    c:\windows\system32\SynTPCo19.dll
2013-06-26 11:03 . 2013-05-07 21:41    819440    ----a-w-    c:\windows\system32\SynCOM.dll
2013-06-26 11:03 . 2013-05-07 21:41    351984    ----a-w-    c:\windows\SysWow64\SynCom.dll
2013-06-26 11:03 . 2013-05-07 21:41    33008    ----a-w-    c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-06-26 03:02 . 2013-07-11 15:40    1652    ----a-w-    c:\windows\system32\ASOROSet.bin
2013-06-26 02:34 . 2013-06-26 02:34    --------    d-----w-    c:\windows\Repair
2013-06-26 02:21 . 2013-03-05 21:55    19752    ----a-w-    c:\windows\system32\roboot64.exe
2013-06-26 02:21 . 2008-11-21 05:08    16896    ----a-w-    c:\windows\system32\sasnative64.exe
2013-06-26 02:20 . 2013-06-26 02:26    --------    d-----w-    c:\program files (x86)\Advanced System Optimizer 3
2013-06-26 01:30 . 2013-06-18 14:22    263576    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-26 01:30 . 2013-06-26 01:30    --------    d-----w-    c:\users\Tina\AppData\Roaming\1O1L1I1PtF1F1C1N
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 01:22 . 2010-05-25 21:46    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-06-11 19:52 . 2013-04-11 22:09    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 19:52 . 2013-04-11 22:09    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-27 02:55 . 2013-05-27 02:55    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-27 02:55 . 2013-05-27 02:55    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-27 02:55 . 2013-05-27 02:55    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-27 02:55 . 2013-05-27 02:55    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-27 02:55 . 2013-05-27 02:55    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-27 02:55 . 2013-05-27 02:55    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-27 02:55 . 2013-05-27 02:55    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-27 02:55 . 2013-05-27 02:55    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-27 02:55 . 2013-05-27 02:55    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-27 02:55 . 2013-05-27 02:55    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-27 02:55 . 2013-05-27 02:55    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-27 02:55 . 2013-05-27 02:55    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-27 02:55 . 2013-05-27 02:55    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-27 02:55 . 2013-05-27 02:55    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-27 02:55 . 2013-05-27 02:55    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-27 02:55 . 2013-05-27 02:55    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-27 02:55 . 2013-05-27 02:55    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-27 02:55 . 2013-05-27 02:55    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-27 02:55 . 2013-05-27 02:55    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-27 02:55 . 2013-05-27 02:55    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-27 02:55 . 2013-05-27 02:55    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-27 02:55 . 2013-05-27 02:55    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-27 02:55 . 2013-05-27 02:55    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-27 02:55 . 2013-05-27 02:55    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-27 02:55 . 2013-05-27 02:55    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-27 02:55 . 2013-05-27 02:55    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-27 02:55 . 2013-05-27 02:55    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-27 02:55 . 2013-05-27 02:55    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-27 02:55 . 2013-05-27 02:55    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-27 02:55 . 2013-05-27 02:55    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-27 02:55 . 2013-05-27 02:55    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-27 02:55 . 2013-05-27 02:55    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-27 02:55 . 2013-05-27 02:55    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-27 02:55 . 2013-05-27 02:55    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-27 02:55 . 2013-05-27 02:55    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-27 02:55 . 2013-05-27 02:55    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-27 02:55 . 2013-05-27 02:55    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-27 02:55 . 2013-05-27 02:55    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-27 02:55 . 2013-05-27 02:55    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-27 02:55 . 2013-05-27 02:55    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-27 02:55 . 2013-05-27 02:55    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-27 02:55 . 2013-05-27 02:55    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-27 02:55 . 2013-05-27 02:55    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-27 02:55 . 2013-05-27 02:55    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-27 02:55 . 2013-05-27 02:55    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-27 02:55 . 2013-05-27 02:55    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-27 02:55 . 2013-05-27 02:55    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-27 02:55 . 2013-05-27 02:55    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-27 02:55 . 2013-05-27 02:55    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-27 02:54 . 2013-05-27 02:54    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-05-27 02:54 . 2013-05-27 02:54    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-05-27 02:54 . 2013-05-27 02:54    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-05-27 02:54 . 2013-05-27 02:54    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-05-27 02:54 . 2013-05-27 02:54    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-05-27 02:54 . 2013-05-27 02:54    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-05-27 02:54 . 2013-05-27 02:54    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-27 02:54 . 2013-05-27 02:54    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-05-27 02:54 . 2013-05-27 02:54    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-05-27 02:54 . 2013-05-27 02:54    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-05-27 02:54 . 2013-05-27 02:54    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-05-27 02:54 . 2013-05-27 02:54    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-05-27 02:54 . 2013-05-27 02:54    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-05-27 02:54 . 2013-05-27 02:54    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-05-27 02:54 . 2013-05-27 02:54    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-05-27 02:54 . 2013-05-27 02:54    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-05-27 02:54 . 2013-05-27 02:54    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-27 02:54 . 2013-05-27 02:54    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-05-27 02:54 . 2013-05-27 02:54    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-05-27 02:54 . 2013-05-27 02:54    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-27 02:54 . 2013-05-27 02:54    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-05-27 02:54 . 2013-05-27 02:54    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-05-27 02:54 . 2013-05-27 02:54    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-05-27 02:54 . 2013-05-27 02:54    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-05-27 02:54 . 2013-05-27 02:54    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-05-27 02:54 . 2013-05-27 02:54    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2013-05-27 02:54 . 2013-05-27 02:54    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-05-27 02:54 . 2013-05-27 02:54    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-05-27 02:54 . 2013-05-27 02:54    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-05-27 02:54 . 2013-05-27 02:54    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-26 21:12 . 2013-05-26 21:12    1409    ----a-w-    c:\windows\Fonts\RPRSTITL.FOT
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2010-1-16 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 0015691374206174mcinstcleanup;McAfee Application Installer Cleanup (0015691374206174);c:\windows\TEMP\001569~1.EXE;c:\windows\TEMP\001569~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [x]
S2 ATT MAHostService;ATT MAHostService;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe [x]
S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\system32\Drivers\ST50220.sys;c:\windows\SYSNATIVE\Drivers\ST50220.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 19:52]
.
2013-07-10 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
- c:\program files (x86)\Advanced System Optimizer 3\CheckUpdate.exe [2013-06-26 21:55]
.
2013-07-11 c:\windows\Tasks\ASO-OneClickCare.job
- c:\program files (x86)\Advanced System Optimizer 3\ASO3.exe [2013-06-26 21:55]
.
2013-07-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001Core.job
- c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-02 20:50]
.
2013-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001UA.job
- c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-02 20:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-26 59248]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-07-17 23:56; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files (x86)\Common Files\McAfee\SystemCore
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-Firefox Free Download Packages - c:\users\Tina\AppData\Roaming\1O1L1I1PtF1F1C1N\Firefox Free Download Packages\uninstaller.exe
AddRemove-WinZip Packages - c:\users\Tina\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q\WinZip Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
   eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,
   0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
   23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{3E7C8B5A-96AB-438F-BF9B-782400655440}"=hex:51,66,7a,6c,4c,1d,38,12,34,88,6f,
   3a,99,d8,e1,06,c0,8d,3b,64,05,3b,10,54
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{7F6AFBF1-E065-4627-A2FD-810366367D01}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f8,79,
   7b,57,ae,49,03,dd,eb,c2,43,63,68,39,15
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{6C97A91E-4524-4019-86AF-2AA2D567BF5C}"=hex:51,66,7a,6c,4c,1d,38,12,70,aa,84,
   68,16,0b,77,05,f9,b9,69,e2,d0,39,fb,48
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{4F3ED5CD-0726-42A9-87F5-D13F3D2976AC}"=hex:51,66,7a,6c,4c,1d,38,12,a3,d6,2d,
   4b,14,49,c7,07,f8,e3,92,7f,38,77,32,b8
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:66,8f,2a,39,3b,66,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,7a,5d,ec,70,59,1f,4f,81,59,31,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,da,2c,fc,b6,0a,ee,4c,89,1a,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,da,2c,fc,b6,0a,ee,4c,89,1a,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ATT\8.3.0.34\ma\bin\node.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Advanced System Optimizer 3\SystemProtector.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
.
**************************************************************************
.
Completion time: 2013-07-19  00:24:07 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-19 05:24
.
Pre-Run: 17,288,798,208 bytes free
Post-Run: 18,542,817,280 bytes free
.
- - End Of File - - 4B743BC60A754D71269D04472120BD81
5C616939100B85E558DA92B899A0FC36
 



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 19 July 2013 - 11:27 AM

You are running two antivirus and two firewalls.

 

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, are scanners that run in the background all the time the PC is turned on and running.  The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as: Online Scans and scanners that run on your machine but are not actively scanning your machine.

 

In your position I would remove both, McAfee and Adaware, and install AVAST. It has proven to be more efficient.

 

How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 19 July 2013 - 03:46 PM

I can do that; however, now it takes even longer to reboot than it did before and when it does start up, I get about 3 or 4 error messages and my USB wireless mouse will not work.



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 19 July 2013 - 04:06 PM

Please run Combofix once again and post its report. Also, post the Extras.txt produced by OTL. Was not attached.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 19 July 2013 - 05:11 PM

Combofix.txt:

 

ComboFix 13-07-18.04 - Tina 07/19/2013  16:38:28.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3949.2681 [GMT -5:00]
Running from: c:\users\Tina\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 21:54 . 2013-07-19 21:54    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-07-19 21:54 . 2013-07-19 21:54    --------    d-----w-    c:\users\Mcx1-TINA-PC\AppData\Local\temp
2013-07-19 21:54 . 2013-07-19 21:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-18 20:24 . 2013-07-18 20:24    --------    d-----w-    c:\programdata\Systweak
2013-07-18 20:22 . 2013-07-18 20:22    --------    d-----w-    c:\users\Tina\AppData\Roaming\Systweak
2013-07-18 00:55 . 2013-07-18 00:55    --------    d-----w-    c:\windows\ERUNT
2013-07-17 22:59 . 2013-07-17 23:00    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 22:59 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-17 04:35 . 2013-07-17 04:35    --------    d-----w-    C:\FRST
2013-07-14 18:15 . 2013-07-14 18:15    --------    d-----w-    C:\found.000
2013-07-10 00:14 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 00:14 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 00:14 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-10 00:14 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 00:14 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 00:14 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 00:14 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 00:13 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 00:13 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-10 00:13 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 00:13 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 00:13 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 00:13 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 00:13 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 00:13 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 00:13 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 00:13 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 00:13 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-10 00:13 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-10 00:02 . 2013-07-10 00:02    --------    d-----w-    C:\ASUS WebStorage
2013-07-10 00:00 . 2013-07-10 00:00    --------    d-----w-    C:\Microsoft
2013-06-29 04:02 . 2013-06-29 04:02    --------    d-----w-    c:\program files (x86)\Common Files\ControlDeck
2013-06-29 03:27 . 2013-06-30 10:55    --------    d-----w-    c:\users\Tina\AppData\Local\LogMeIn Rescue Applet
2013-06-26 11:04 . 2013-06-26 11:04    --------    d-----w-    c:\program files\Synaptics
2013-06-26 11:03 . 2013-05-07 21:41    524016    ----a-w-    c:\windows\system32\drivers\SynTP.sys
2013-06-26 11:03 . 2013-05-07 21:41    151280    ----a-w-    c:\windows\SysWow64\SynTPCom.dll
2013-06-26 11:03 . 2013-05-07 21:41    264432    ----a-w-    c:\windows\system32\SynTPAPI.dll
2013-06-26 11:03 . 2013-05-07 21:41    192240    ----a-w-    c:\windows\system32\SynTPCo19.dll
2013-06-26 11:03 . 2013-05-07 21:41    819440    ----a-w-    c:\windows\system32\SynCOM.dll
2013-06-26 11:03 . 2013-05-07 21:41    351984    ----a-w-    c:\windows\SysWow64\SynCom.dll
2013-06-26 11:03 . 2013-05-07 21:41    33008    ----a-w-    c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-06-26 03:02 . 2013-07-11 15:40    1652    ----a-w-    c:\windows\system32\ASOROSet.bin
2013-06-26 02:34 . 2013-06-26 02:34    --------    d-----w-    c:\windows\Repair
2013-06-26 02:21 . 2013-03-05 21:55    19752    ----a-w-    c:\windows\system32\roboot64.exe
2013-06-26 02:21 . 2008-11-21 05:08    16896    ----a-w-    c:\windows\system32\sasnative64.exe
2013-06-26 02:20 . 2013-06-26 02:26    --------    d-----w-    c:\program files (x86)\Advanced System Optimizer 3
2013-06-26 01:30 . 2013-06-18 14:22    263576    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-26 01:30 . 2013-06-26 01:30    --------    d-----w-    c:\users\Tina\AppData\Roaming\1O1L1I1PtF1F1C1N
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 01:22 . 2010-05-25 21:46    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-06-11 19:52 . 2013-04-11 22:09    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 19:52 . 2013-04-11 22:09    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-27 02:55 . 2013-05-27 02:55    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-27 02:55 . 2013-05-27 02:55    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-27 02:55 . 2013-05-27 02:55    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-27 02:55 . 2013-05-27 02:55    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-27 02:55 . 2013-05-27 02:55    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-27 02:55 . 2013-05-27 02:55    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-27 02:55 . 2013-05-27 02:55    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-27 02:55 . 2013-05-27 02:55    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-27 02:55 . 2013-05-27 02:55    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-27 02:55 . 2013-05-27 02:55    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-27 02:55 . 2013-05-27 02:55    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-27 02:55 . 2013-05-27 02:55    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-27 02:55 . 2013-05-27 02:55    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-27 02:55 . 2013-05-27 02:55    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-27 02:55 . 2013-05-27 02:55    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-27 02:55 . 2013-05-27 02:55    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-27 02:55 . 2013-05-27 02:55    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-27 02:55 . 2013-05-27 02:55    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-27 02:55 . 2013-05-27 02:55    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-27 02:55 . 2013-05-27 02:55    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-27 02:55 . 2013-05-27 02:55    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-27 02:55 . 2013-05-27 02:55    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-27 02:55 . 2013-05-27 02:55    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-27 02:55 . 2013-05-27 02:55    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-27 02:55 . 2013-05-27 02:55    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-27 02:55 . 2013-05-27 02:55    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-27 02:55 . 2013-05-27 02:55    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-27 02:55 . 2013-05-27 02:55    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-27 02:55 . 2013-05-27 02:55    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-27 02:55 . 2013-05-27 02:55    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-27 02:55 . 2013-05-27 02:55    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-27 02:55 . 2013-05-27 02:55    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-27 02:55 . 2013-05-27 02:55    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-27 02:55 . 2013-05-27 02:55    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-27 02:55 . 2013-05-27 02:55    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-27 02:55 . 2013-05-27 02:55    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-27 02:55 . 2013-05-27 02:55    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-27 02:55 . 2013-05-27 02:55    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-27 02:55 . 2013-05-27 02:55    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-27 02:55 . 2013-05-27 02:55    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-27 02:55 . 2013-05-27 02:55    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-27 02:55 . 2013-05-27 02:55    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-27 02:55 . 2013-05-27 02:55    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-27 02:55 . 2013-05-27 02:55    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-27 02:55 . 2013-05-27 02:55    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-27 02:55 . 2013-05-27 02:55    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-27 02:55 . 2013-05-27 02:55    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-27 02:55 . 2013-05-27 02:55    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-27 02:55 . 2013-05-27 02:55    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-27 02:54 . 2013-05-27 02:54    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-05-27 02:54 . 2013-05-27 02:54    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-05-27 02:54 . 2013-05-27 02:54    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-05-27 02:54 . 2013-05-27 02:54    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-05-27 02:54 . 2013-05-27 02:54    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-05-27 02:54 . 2013-05-27 02:54    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-05-27 02:54 . 2013-05-27 02:54    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-27 02:54 . 2013-05-27 02:54    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-05-27 02:54 . 2013-05-27 02:54    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-05-27 02:54 . 2013-05-27 02:54    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-05-27 02:54 . 2013-05-27 02:54    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-05-27 02:54 . 2013-05-27 02:54    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-05-27 02:54 . 2013-05-27 02:54    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-05-27 02:54 . 2013-05-27 02:54    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-05-27 02:54 . 2013-05-27 02:54    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-05-27 02:54 . 2013-05-27 02:54    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-05-27 02:54 . 2013-05-27 02:54    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-27 02:54 . 2013-05-27 02:54    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-05-27 02:54 . 2013-05-27 02:54    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-05-27 02:54 . 2013-05-27 02:54    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-27 02:54 . 2013-05-27 02:54    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-05-27 02:54 . 2013-05-27 02:54    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-05-27 02:54 . 2013-05-27 02:54    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-05-27 02:54 . 2013-05-27 02:54    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-05-27 02:54 . 2013-05-27 02:54    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-05-27 02:54 . 2013-05-27 02:54    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2013-05-27 02:54 . 2013-05-27 02:54    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-05-27 02:54 . 2013-05-27 02:54    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-05-27 02:54 . 2013-05-27 02:54    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-05-27 02:54 . 2013-05-27 02:54    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-27 02:54 . 2013-05-27 02:54    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-26 21:12 . 2013-05-26 21:12    1409    ----a-w-    c:\windows\Fonts\RPRSTITL.FOT
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2010-1-16 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 0015691374206174mcinstcleanup;McAfee Application Installer Cleanup (0015691374206174);c:\windows\TEMP\001569~1.EXE;c:\windows\TEMP\001569~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [x]
S2 ATT MAHostService;ATT MAHostService;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.3.0.34\ma\bin\MAHostService.exe [x]
S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\system32\Drivers\ST50220.sys;c:\windows\SYSNATIVE\Drivers\ST50220.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 19:52]
.
2013-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001Core.job
- c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-02 20:50]
.
2013-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001UA.job
- c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-02 20:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-26 59248]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-07-17 23:56; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files (x86)\Common Files\McAfee\SystemCore
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
   eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,
   0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
   23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{3E7C8B5A-96AB-438F-BF9B-782400655440}"=hex:51,66,7a,6c,4c,1d,38,12,34,88,6f,
   3a,99,d8,e1,06,c0,8d,3b,64,05,3b,10,54
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{7F6AFBF1-E065-4627-A2FD-810366367D01}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f8,79,
   7b,57,ae,49,03,dd,eb,c2,43,63,68,39,15
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{6C97A91E-4524-4019-86AF-2AA2D567BF5C}"=hex:51,66,7a,6c,4c,1d,38,12,70,aa,84,
   68,16,0b,77,05,f9,b9,69,e2,d0,39,fb,48
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{4F3ED5CD-0726-42A9-87F5-D13F3D2976AC}"=hex:51,66,7a,6c,4c,1d,38,12,a3,d6,2d,
   4b,14,49,c7,07,f8,e3,92,7f,38,77,32,b8
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:66,8f,2a,39,3b,66,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,7a,5d,ec,70,59,1f,4f,81,59,31,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,da,2c,fc,b6,0a,ee,4c,89,1a,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,da,2c,fc,b6,0a,ee,4c,89,1a,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-19  17:08:44
ComboFix-quarantined-files.txt  2013-07-19 22:08
ComboFix2.txt  2013-07-19 05:24
.
Pre-Run: 18,256,740,352 bytes free
Post-Run: 18,450,153,472 bytes free
.
- - End Of File - - 840A137B9910E5A1DBD890C8AB95E2E9
5C616939100B85E558DA92B899A0FC36
 

 

 

 

 

Extras.txt:

 

OTL Extras logfile created on: 7/17/2013 8:12:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 66.23% Memory free
7.71 Gb Paging File | 5.62 Gb Available in Paging File | 72.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 17.83 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 208.88 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive F: | 245.84 Mb Total Space | 244.10 Mb Free Space | 99.29% Space Free | Partition Type: FAT
 
Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02555E3C-5CDD-42BA-9A86-2E816ABA2985}" = rport=138 | protocol=17 | dir=out | app=system |
"{161E8AE5-1D41-40F9-966C-33B8FA319281}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19276B38-83D3-4701-AC8B-B29BBC4CB526}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1CF78B74-7021-4B24-8A1C-D45949A100F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{2080C955-7BFC-4A9C-AF9A-8128630A6439}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{228F197E-40D0-476D-BEE5-7C824EB5C41F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{22FC5FAE-FFEA-43FB-939F-0F70A4E96A33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27045E01-9D87-430F-8A78-FC7F1E0F16FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{273DCFBF-D03F-4533-BC2B-0820A5BD145C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E182C1E-CEB8-4DA6-B34F-04D73921D497}" = lport=445 | protocol=6 | dir=in | app=system |
"{381F465A-5858-45D7-89BA-39657FC01BC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{417D8798-4F4D-4D64-8441-C5455E16BB9E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{43352781-AB5B-4BB8-AC4B-E3819717E5A7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4371BB2D-D99E-4289-BBB9-FF340362382D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{517655E4-5694-4523-BA30-33956C9AE3B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{545635E1-8088-4A98-A3BF-9B400F71F908}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{571535D1-5073-476D-95C1-FCCDB56086A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6110F5DF-03DA-4F5A-B44F-72BE87DB838A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{65334CF3-83B3-48DC-9E7F-2C9E8B473670}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{685E9C9C-6D90-4505-83D9-33159EEF0BA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6BB34DF8-D4C6-4AD8-BE66-79365DC66959}" = lport=10244 | protocol=6 | dir=in | app=system |
"{799A3223-367A-4910-9C74-10937150D667}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7CCE1C39-FAF1-40CE-BD9F-2B1755F4A6FD}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8092DD55-296D-4315-B1FE-99AE8009FFC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{850B23C7-655C-459C-A5FA-B43B30F58205}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88180173-C8E7-4804-8D22-4FF96831C538}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{8DFCC925-A7AA-4250-B3F2-A00CF8497BD2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AEAEBF3-179B-48A2-B9F1-610DEA5C007E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CA36C7D-5F68-4411-886A-EB8F2A3C8A3E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F971A5F-C8FE-495C-B907-D340DDC9C5AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A37A2875-CF9A-40C4-BD36-7073F1CB02CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA63EA67-55D6-465D-9A0B-E2CFCDFEE970}" = lport=139 | protocol=6 | dir=in | app=system |
"{B3C2979C-ABB5-4DF5-A9D5-34F392E31F4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B849F8FA-7241-42E8-92E2-0E99691121BE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B86FC670-12B2-4BBE-8B5B-6918D51A6279}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9824203-30E8-466F-9A4B-138C146C588A}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC241CA5-7C4F-40EF-AFCD-CE32810C4F8F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C09204A7-F1F3-460C-85A0-7F38B10AB575}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0E9D093-AE92-4190-819E-193D14E516C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6E6B05E-1498-4F10-B0FC-0D7203E66D24}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{CB60F73E-2C42-4AA3-BD0F-DF59AB04FA05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD2A3440-DEA0-4653-990A-4F75710D8F6A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CE46C052-E80A-4108-8C54-6401C46BDA18}" = rport=445 | protocol=6 | dir=out | app=system |
"{CE83DA53-772E-44AB-B6F2-AE44006DCE51}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3AEFB62-CBDB-4D52-8B9E-CDCB1DBE55B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5FDBF07-6A40-428E-A6B5-484515088E6F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E6B2FBC6-0AFC-4D32-B289-5F4746C3637B}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F381457E-61D6-4441-B909-836865617C72}" = lport=3390 | protocol=6 | dir=in | app=system |
"{F4AF4EAD-E0A2-4ACD-A89F-757B32B20F74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F66E0518-1D07-4CB2-B083-2023B176E5D9}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC657C46-286B-4997-9422-C7BC24C7C8BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE0C3B36-F9E5-4249-AF3E-F6C582986FAD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE31B1C0-8878-45E9-BC84-BE1E34A11708}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E2BA9B-2D91-43AE-A3DE-1EDD75CA4504}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{04C2E736-779C-4E04-B503-47DA0CEA22E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0B549D9E-BE64-4405-AFA7-EE59E7BCCA80}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{0F62C3F9-99E1-4A54-B692-57FD2998BAF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{103F3243-B896-41A7-A37D-BD4670EE149C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{109B16F2-010D-416F-A304-83A4A0415449}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{13E116C0-3A56-4741-9CF3-B75AEBE43ABC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{18879AD3-C7D3-435C-904F-2A5FEA01E87B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{1942DFFF-6CB0-47E0-BB93-F2DC8219646C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{1A3203AA-D592-460C-AA2A-C7875B39D166}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F7B51F0-BCBF-4094-916F-5FCB536FA43C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2016252B-4492-4F01-8C83-CD48B9E7D013}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{20C44C07-C7AE-4EEC-8226-B1B85DA4D193}" = protocol=17 | dir=in | app=c:\users\tina\appdata\local\temp\7zs31f0\hppiw.exe |
"{24E4639A-86F8-4DD1-8C26-A4F89C40CAE7}" = dir=in | app=e:\setup\hpznui40.exe |
"{261DE0D8-D86D-41B7-927A-26B31808D81C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{263BA286-B496-4E00-BA99-AD507C242354}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{295AF428-FD48-4500-B127-9F6E0CFEBDE3}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{29BFA53F-8DEE-4466-AEBD-1D4A59FB1D0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2DBD0C09-2C37-4EF0-B5D1-18F1AA605891}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3B2CB1DA-61C4-49AA-BFED-1F44BE645A61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E1F95D9-0539-43C5-824F-7E30C7BA223C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3EF6CF0C-DB7A-4EB4-92BF-4D9ED32088C8}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{42C98EDB-52DE-4CC4-AB94-944060FAAD68}" = dir=in | app=c:\program files (x86)\directv\directv\kernel\clml\vdtvrec.exe |
"{46EBB832-AC24-4D65-BDA6-5ED7E6E09905}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{48E597BD-61B6-45FD-A4F7-7A664865A409}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4A62EB5B-6214-4157-8F65-C706AE9A919A}" = dir=in | app=c:\users\tina\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4D4E638C-9226-45F5-84C9-E6BF2FD0F1B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4E68E15E-134D-4A55-8398-1168F4E25BA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{506EAD15-CA60-4C0D-90EE-1E05AA63B03E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{50DDD18D-1B99-4E5D-8CDE-9AE92E7FEE85}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5317B231-4A8F-414C-B8EC-320E6DB40AC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{54809426-F632-4C15-8F26-BFA9EF3E5723}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{564956DE-F0E2-4C8A-B985-3E666506B9DE}" = protocol=6 | dir=in | app=c:\users\tina\appdata\local\temp\7zs2277\hppiw.exe |
"{57657EF5-0B15-4AAA-86FA-9BC71301C61B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{57B66D7A-8E9A-4412-87E9-8CBD20A888EC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5A15BBB2-FABF-4DAA-88B0-CBD1ACF713C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5DB7B54A-69C8-4736-A680-AE0E70F67145}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5DEBF093-F9B4-42A3-B639-74CC05C42043}" = dir=in | app=c:\program files (x86)\directv\directv\vdtv.exe |
"{5F4F649D-9EFA-4EC5-AB8F-60438D3AB527}" = protocol=6 | dir=in | app=c:\users\tina\appdata\local\temp\7zs1558\hppiw.exe |
"{61C3CFBF-F0CB-4524-B1AC-1231579F2505}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65A3CF5E-D303-465C-91B4-8EADF33407A3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{686DE5DC-2AF4-4854-BD02-FDBDF572618E}" = protocol=6 | dir=in | app=c:\users\tina\appdata\local\temp\7zs31f0\hppiw.exe |
"{687ACE9E-E838-488F-B8C5-E647600A8A54}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{68E9C5DD-70C6-4624-9746-73AC145DA8E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{69DD8FFD-C3A4-4706-851C-990B81865DCE}" = protocol=17 | dir=in | app=c:\users\tina\appdata\local\temp\7zs1596\hppiw.exe |
"{6BD7C9F4-203A-47C6-9F70-8044C1943156}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E5BDAC2-AB9E-44F8-9A86-D2D02DCE7FAE}" = dir=in | app=c:\program files (x86)\directv\directv\directv2pc™.exe |
"{70F7A243-2894-4000-8995-9D04455EB7E5}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{7885BCD2-FD58-4783-A52F-4F24DB28498A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BA86B2F-14A1-4571-9C91-33E505751271}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FDC29E3-21E6-49E8-A06D-C336C32631C8}" = protocol=6 | dir=out | app=system |
"{829BD63C-35EB-4039-BF2E-A656E4CCF0F7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{87005AA7-2527-49A4-8478-4105BB22DC74}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{8CBD3245-8518-449E-9B8D-AC73EDBAC414}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8D4DBB3E-B90E-4FF0-897B-490F91511482}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D5DB330-24E6-42E9-866E-4FAF39C3DDF4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
"{8E0CF6DE-B42E-4657-8887-68BEC50602B7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9135E2EB-4EE2-4575-9CF8-142F538710EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92EB1750-E8E3-4FB8-988E-743EE81FB382}" = protocol=17 | dir=in | app=c:\users\tina\appdata\local\temp\7zs2277\hppiw.exe |
"{9338BF6D-394C-41CD-B384-622B97F6C4EE}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{93E18063-D44D-4289-9FEF-45B59C11C0A8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{97B5F6F2-23E2-4827-AF0E-D22B0B3B3F5D}" = protocol=6 | dir=in | app=c:\users\tina\appdata\local\temp\7zs1596\hppiw.exe |
"{97E81D77-9A18-48EC-89EC-F4A43C3D51E3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{99047D83-2A3A-459D-A54A-11FF11656BC6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B137CD7-3924-40B6-90E0-C9953BE80943}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{9F003F1B-6377-44B4-B854-4934572F21DB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9F5CBD14-C50F-4245-B09F-281063131496}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A26895E8-B6FD-4149-B688-28B1FBE6AADB}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A2B6C6FD-A2EE-4D0A-8CCD-5F1682DEDB57}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A821AC74-7D29-44C2-AAEB-7B27C1D18CD6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A8DFC613-CB1D-447B-8401-6F6187A47E3D}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{ADEDA29D-B418-4BB2-B49F-103DC5AECF96}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B257A14A-1673-478B-9524-EAE32FC8B341}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{BD857BDA-7729-434F-B1DF-6F1B05BDD0E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C66A2EF9-6102-4F0D-970D-E6CADD09C71F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDCB24F9-E4FF-4753-92F4-FB6CF2D4B316}" = protocol=17 | dir=in | app=c:\users\tina\appdata\local\temp\7zs1558\hppiw.exe |
"{CFFC5FF2-546B-4D16-B03E-9490FCA74B17}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D524378C-F38A-4F76-A553-A8DF1122CBE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6C38630-3449-4CD6-B112-B9B5E691B503}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DBB2B99D-6731-45A9-8C31-8ABDAF82B62B}" = protocol=6 | dir=in | app=c:\users\tina\appdata\local\temp\7zs2c1d\hppiw.exe |
"{DC8EE659-7A18-47F0-81B7-F88015DDAA2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E0C904E4-A35B-4EB0-A4EB-9E43C6FC8884}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2BCFD38-6D75-404E-A2D3-08AF8A43555F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4E680FB-C0F5-4F38-AFCB-3D51B6A3F52B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{E6D38A6C-1148-4921-8976-783C1038C6F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E7C2736A-6597-4EF2-889F-E9B33C4EA169}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ECD0039E-495B-4E95-A6A2-4B6CFF4A4536}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{ED0B237B-6BE0-45DC-839A-85A278D26C62}" = protocol=17 | dir=in | app=c:\users\tina\appdata\local\temp\7zs2c1d\hppiw.exe |
"{F471F258-3E0E-4B62-B093-5C5F8C5EFA89}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{F7BB8368-D00E-4C9D-BB8C-B1EAE29141EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{F9580AAA-1400-4D0B-957E-8F28A4358CEB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{2F168B0C-7EB1-D63A-18E2-B4BC362F54FD}" = ccc-utility64
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0401-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Arabic) 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{90120000-002A-041E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Thai) 2007
"{90120000-002A-041F-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Turkish) 2007
"{90120000-002A-0804-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C04-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FEC0590D-D4DE-DB7C-C625-657FC30CF927}" = ATI Catalyst Install Manager
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"ASUS WebStorage" = ASUS WebStorage
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03A92733-D26B-CBCD-52A1-56E31E612972}" = Catalyst Control Center Core Implementation
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A80329D-1B59-4F10-8D1D-924C59B2840B}" = ShufflePlusVLOI
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{106E3037-BFFF-0B66-7BAE-15E16C9DAB7A}" = CCC Help Turkish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{124D0E28-CD55-490E-E551-7474F0965983}" = Catalyst Control Center Graphics Previews Common
"{133B19CF-2FDA-492C-07AD-FAE04DB76C99}" = ccc-core-static
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{244F94E8-6801-3AEE-D5F8-8B0F66A323D6}" = CCC Help Chinese Standard
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A2C6E16-0399-F5AE-B3A8-0990B2464E97}" = Catalyst Control Center Graphics Full New
"{301A4A22-ACBD-993D-682E-4B35F22467B6}" = Catalyst Control Center Graphics Light
"{40A208DE-AE5A-F82C-962C-17050826751F}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41F706DC-FE6D-90AC-6B9A-F175388EBFA6}" = CCC Help Finnish
"{43CC74BB-CB4F-9DE7-5B86-0CB4E498DDAE}" = CCC Help Italian
"{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor
"{49DCA97C-4D99-659C-AE2B-9CDCC227CEE3}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4E12BF0A-9A6B-B806-F589-1456DA35CFAA}" = CCC Help Spanish
"{5419A3D5-07EC-9C03-483F-41945F9F173C}" = CCC Help Swedish
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E5FF37B-81F4-FAE1-1BEB-2DCCB7D8AC21}" = CCC Help Chinese Traditional
"{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6717A421-DA2D-BC53-3C94-95235480B989}" = CCC Help Japanese
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6E6FD4E4-A2FB-2404-6E46-7606B0913FF1}" = CCC Help Greek
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6FEBE183-A517-770B-9BEC-E0AF07B2C0ED}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729C7781-11C8-783B-CC05-1AC359088502}" = CCC Help Czech
"{7492FE27-81F9-305D-44B8-7696ACBACA2A}" = CCC Help Russian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CA835ED-752D-0AD3-3DD1-DAFCD81E8E6A}" = CCC Help Danish
"{81C9B604-B3D0-82FB-E677-2D96CDFECEAB}" = CCC Help Polish
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B1C8588-60C4-3650-D324-9404AEF01044}" = Catalyst Control Center Graphics Previews Vista
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0401-0000-0000000FF1CE}" = Microsoft Office Access MUI (Arabic) 2007
"{90120000-0015-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-041E-0000-0000000FF1CE}" = Microsoft Office Access MUI (Thai) 2007
"{90120000-0015-041E-0000-0000000FF1CE}_PROHYBRIDR_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-041F-0000-0000000FF1CE}" = Microsoft Office Access MUI (Turkish) 2007
"{90120000-0015-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0804-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Simplified)) 2007
"{90120000-0015-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C04-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0C04-0000-0000000FF1CE}_PROHYBRIDR_{C7B5BB87-0E5D-4CB3-B570-318C3BA60D84}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Thai) 2007
"{90120000-0016-041E-0000-0000000FF1CE}_PROHYBRIDR_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041F-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Turkish) 2007
"{90120000-0016-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2007
"{90120000-0016-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C04-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0C04-0000-0000000FF1CE}_PROHYBRIDR_{C7B5BB87-0E5D-4CB3-B570-318C3BA60D84}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Thai) 2007
"{90120000-0018-041E-0000-0000000FF1CE}_PROHYBRIDR_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041F-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Turkish) 2007
"{90120000-0018-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
"{90120000-0018-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C04-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0C04-0000-0000000FF1CE}_PROHYBRIDR_{C7B5BB87-0E5D-4CB3-B570-318C3BA60D84}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0401-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Arabic) 2007
"{90120000-0019-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041E-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Thai) 2007
"{90120000-0019-041E-0000-0000000FF1CE}_PROHYBRIDR_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041F-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Turkish) 2007
"{90120000-0019-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0804-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
"{90120000-0019-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C04-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0C04-0000-0000000FF1CE}_PROHYBRIDR_{C7B5BB87-0E5D-4CB3-B570-318C3BA60D84}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Arabic) 2007
"{90120000-001A-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041E-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Thai) 2007
"{90120000-001A-041E-0000-0000000FF1CE}_PROHYBRIDR_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041F-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Turkish) 2007
"{90120000-001A-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
"{90120000-001A-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C04-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0C04-0000-0000000FF1CE}_PROHYBRIDR_{C7B5BB87-0E5D-4CB3-B570-318C3BA60D84}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Thai) 2007
"{90120000-001B-041E-0000-0000000FF1CE}_PROHYBRIDR_{54F94746-3663-43F2-933C-B4DC35793565}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041F-0000-0000000FF1CE}" = Microsoft Office Word MUI (Turkish) 2007
"{90120000-001B-041F-0000-0000000FF1CE}_PROHYBRIDR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2007
"{90120000-001B-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C04-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0C04-0000-0000000FF1CE}_PROHYBRIDR_{C7B5BB87-0E5D-4CB3-B570-318C3BA60D84}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
"{90120000-001F-041E-0000-0000000FF1CE}_PROHYBRIDR_{E9E01036-7842-437F-B99E-984D738A81DA}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
"{90120000-001F-041F-0000-0000000FF1CE}_PROHYBRIDR_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0804-0000-0000000FF1CE}_PROHYBRIDR_{0454BB31-DAD9-400F-9E06-45B36D4BA53B}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-0028-0804-0000-0000000FF1CE}_PROHYBRIDR_{803AB362-E418-4474-84E6-8ABFAF8D3A1E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0804-1000-0000000FF1CE}_PROHYBRIDR_{2F660432-0FA3-458E-86AB-4880366640B8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0401-1000-0000000FF1CE}_PROHYBRIDR_{4A9F778A-44EE-4922-A976-FF4C84FC51B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0416-1000-0000000FF1CE}_PROHYBRIDR_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041E-1000-0000000FF1CE}_PROHYBRIDR_{7A723282-13D6-4C76-AAFD-3D20A35B2F60}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041F-1000-0000000FF1CE}_PROHYBRIDR_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0804-1000-0000000FF1CE}_PROHYBRIDR_{91C1AA33-F2CE-460B-A989-1F7C0051FFCD}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C04-1000-0000000FF1CE}_PROHYBRIDR_{BFE8AF13-426B-4A50-A222-B262186B68B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-002C-041E-0000-0000000FF1CE}" = Microsoft Office Proofing (Thai) 2007
"{90120000-002C-041F-0000-0000000FF1CE}" = Microsoft Office Proofing (Turkish) 2007
"{90120000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C04-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_PROHYBRIDR_{4A9F778A-44EE-4922-A976-FF4C84FC51B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_PROHYBRIDR_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Thai) 2007
"{90120000-006E-041E-0000-0000000FF1CE}_PROHYBRIDR_{7A723282-13D6-4C76-AAFD-3D20A35B2F60}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041F-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Turkish) 2007
"{90120000-006E-041F-0000-0000000FF1CE}_PROHYBRIDR_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2007
"{90120000-006E-0804-0000-0000000FF1CE}_PROHYBRIDR_{91C1AA33-F2CE-460B-A989-1F7C0051FFCD}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C04-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0C04-0000-0000000FF1CE}_PROHYBRIDR_{BFE8AF13-426B-4A50-A222-B262186B68B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90949E60-1E05-EAD9-A1B8-D0984F18224B}" = CCC Help Portuguese
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9D317B-610F-5B74-E001-FFF98C3393D8}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
"{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B15930BE-C329-0B26-CE1E-E1E6D4A3EB20}" = CCC Help German
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1" = Computer Requirements 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C143B1EA-688C-35CE-34BE-88DFDBA4D0E6}" = Catalyst Control Center Localization All
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6F8AFBD-C7D3-2934-DB48-1E2C92D7455B}" = CCC Help Hungarian
"{D1543DF7-EF94-B6E7-643B-3543EA36F630}" = CCC Help French
"{D44EFA1A-5F04-DFB4-A3FF-A1A4D64556D0}" = CCC Help Korean
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DE56B690-A4EE-F806-6DEF-942EF3FB2E20}" = CCC Help Thai
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED27DC1A-550A-5F48-9303-9C0D9C179D42}" = CCC Help Norwegian
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ATT-ATT Management Agent" = ATT Management Agent
"ESET Online Scanner" = ESET Online Scanner v3
"Free Media Player_is1" = Free All-In-One Media Player
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"KeynoteConnector" = Keynote Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"PROHYBRIDR" = 2007 Microsoft Office system
"Trusted Software Assistant_is1" = File Type Assistant
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for Tina
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Tina
"23ab716f18849b6f" = Amazon Cloud Drive
"Firefox Free Download Packages" = Firefox Free Download Packages
"WinZip Packages" = WinZip Packages
 
========== Last 20 Event Log Errors ==========
 
[ Spybot - Search and Destroy Events ]
Error - 3/29/2013 10:00:56 AM | Computer Name = Tina-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 5/4/2013 3:24:26 PM | Computer Name = Tina-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 6/1/2013 8:39:23 AM | Computer Name = Tina-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 7/17/2013 9:14:18 PM | Computer Name = Tina-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 7/17/2013 9:14:18 PM | Computer Name = Tina-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 7/17/2013 9:22:00 PM | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7031
Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
 It has done this 1 time(s).  The following corrective action will be taken in 60000
 milliseconds: Restart the service.
 
 
< End of report >
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users