Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect virus


  • This topic is locked This topic is locked

#1
Alexandra D. Porsi

Alexandra D. Porsi

    Member

  • Member
  • PipPip
  • 34 posts
About 40 percent of the time when I use Google, when I click on a search result, I get sent somewhere else. When I reclick the link it always works properly.

I use (only) MS Security Essentials as virus protection. I've checked my hosts file and the proxy setting and I'm not using a router. I've tried Kaspersky's TSDD Killer, Hitman Pro, Malwarebytes, Spybot, SUPERAntiSpyware... and sometimes they find something, but usually not, and I still get redirects. I haven't tried ComboFix because that sounds dangerous.

OTL logfile created on: 8/5/2011 2:25:02 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.13% Memory free
6.19 Gb Paging File | 4.91 Gb Available in Paging File | 79.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 36.11 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 181.96 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 273.30 Gb Free Space | 58.69% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 14:24:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
PRC - [2011/07/31 09:56:03 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/07/09 18:23:47 | 000,399,536 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/06/26 13:53:42 | 001,706,544 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2011/06/26 13:53:42 | 000,376,352 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/05 14:24:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/26 13:53:42 | 000,376,352 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/04/19 19:43:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/03 11:24:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/28 16:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/08/05 14:04:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBBF0D00-CCCC-4B07-8D21-2DEAA2423B16}\MpKsl9485d83f.sys -- (MpKsl9485d83f)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/06/26 13:34:52 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/15 01:15:42 | 000,813,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/04/06 22:24:08 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/04/06 22:24:08 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/09/17 09:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/06 15:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/21 15:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.netflix.c...Now?lnkctr=mhWN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 F3 3D 06 4D B7 22 47 B1 57 05 BF 86 76 7B D5 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/02/14 14:33:29 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\alex\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/20 16:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/25 15:05:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/09 18:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/13 19:46:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\alex\AppData\Roaming\Move Networks [2009/10/03 09:23:25 | 000,000,000 | ---D | M]

[2010/01/24 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions
[2010/01/24 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/08/15 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2011/08/05 14:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions
[2011/07/02 09:53:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/03 17:40:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/16 09:36:02 | 000,000,000 | ---D | M] (ChromEdit Plus) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/03/11 11:12:24 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/02/20 13:03:58 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/06/20 16:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/04 18:35:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2005/11/29 18:28:00 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPinfotl.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/05 13:55:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - L:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/02/12 10:36:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O33 - MountPoints2\{02af08c9-0d14-11dc-9838-0019b93a5155}\Shell - "" = AutoRun
O33 - MountPoints2\{02af08c9-0d14-11dc-9838-0019b93a5155}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{684e8748-fbba-11de-994d-00242135f33b}\Shell\AutoRun\command - "" = L:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
O33 - MountPoints2\{878b7912-03d7-11dc-a193-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{878b7912-03d7-11dc-a193-806e6f6e6963}\Shell\AutoRun\command - "" = F:\browser.exe
O33 - MountPoints2\{e4d1d592-792d-11dd-98ea-0019b93a5155}\Shell - "" = AutoRun
O33 - MountPoints2\{e4d1d592-792d-11dd-98ea-0019b93a5155}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Users\alex\Desktop\Various -
File not found -- C:\Users\alex\Desktop\New Year Flood
[2011/08/05 14:24:50 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
[2011/08/05 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\tdsskiller
[2011/08/05 14:10:42 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\GooredFix Backups
[2011/08/05 14:09:04 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\alex\Desktop\GooredFix.exe
[2011/08/05 13:55:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/05 13:54:54 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTM.exe
[2011/08/05 13:54:42 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\8-5-2011
[2011/08/05 13:53:22 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\erunt
[2011/07/28 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/28 15:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/28 15:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/28 10:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/28 10:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/28 09:46:07 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/28 09:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/07/28 09:35:01 | 006,619,456 | ---- | C] (SurfRight B.V.) -- C:\Users\alex\Desktop\HitmanPro35.exe
[2011/07/24 14:42:29 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\!for bedroom
[2011/07/15 19:47:44 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\ifoedit096
[2011/07/08 19:17:15 | 000,000,000 | ---D | C] -- C:\divx
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Users\alex\Desktop\Various -
File not found -- C:\Users\alex\Desktop\New Year Flood
[2011/08/05 14:24:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
[2011/08/05 14:09:29 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\alex\Desktop\GooredFix.exe
[2011/08/05 14:08:36 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/05 14:08:29 | 000,004,832 | ---- | M] () -- C:\Windows\System32\.rsp
[2011/08/05 14:08:29 | 000,003,053 | ---- | M] () -- C:\Windows\System32\.lck
[2011/08/05 14:04:33 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 14:04:32 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 14:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/05 14:03:10 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2011/08/05 14:03:10 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2011/08/05 14:03:10 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2011/08/05 14:01:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/05 13:55:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/05 13:54:57 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTM.exe
[2011/08/05 13:30:55 | 000,002,359 | ---- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/08/04 20:50:07 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7A482A68-0330-4A8D-9FD3-200B36A2F2C2}.job
[2011/08/04 20:48:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/30 13:33:17 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/30 13:14:54 | 000,021,064 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/28 15:37:39 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/28 10:44:20 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/28 09:35:18 | 006,619,456 | ---- | M] (SurfRight B.V.) -- C:\Users\alex\Desktop\HitmanPro35.exe
[2011/07/25 12:37:41 | 000,144,896 | ---- | M] () -- C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 08:49:10 | 000,744,011 | ---- | M] () -- C:\Users\alex\Desktop\adult_sized_bean_bag_chair.pdf
[2011/07/21 10:47:48 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/07/21 10:05:05 | 000,000,054 | ---- | M] () -- C:\Windows\System32\1085983136
[2011/07/15 19:58:04 | 000,000,107 | ---- | M] () -- C:\Windows\IfoEdit.INI
[2011/07/08 07:35:29 | 001,008,041 | ---- | M] () -- C:\Users\alex\Desktop\rkill.com
[2011/07/07 08:43:20 | 000,180,633 | ---- | M] () -- C:\Users\alex\Desktop\So you need a typeface.png
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/07/28 15:37:39 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/28 10:44:20 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/28 09:35:50 | 000,021,064 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/25 08:49:09 | 000,744,011 | ---- | C] () -- C:\Users\alex\Desktop\adult_sized_bean_bag_chair.pdf
[2011/07/21 10:05:05 | 000,000,054 | ---- | C] () -- C:\Windows\System32\1085983136
[2011/07/15 19:58:04 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2011/07/09 18:23:50 | 000,001,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/07/08 07:35:27 | 001,008,041 | ---- | C] () -- C:\Users\alex\Desktop\rkill.com
[2011/07/07 08:43:20 | 000,180,633 | ---- | C] () -- C:\Users\alex\Desktop\So you need a typeface.png
[2011/06/09 08:17:22 | 000,000,749 | ---- | C] () -- C:\Program Files\Common Files\Uninstall.lnk
[2011/04/02 09:19:45 | 002,440,206 | ---- | C] () -- C:\Users\alex\AppData\Local\[j0007]-[p04].bmp
[2011/04/02 09:19:43 | 002,440,206 | ---- | C] () -- C:\Users\alex\AppData\Local\[j0007]-[p03].bmp
[2011/01/01 16:32:48 | 000,134,656 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/15 09:46:35 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/09/12 19:55:38 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/06/12 19:47:53 | 000,000,411 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/19 19:42:02 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/04/19 19:42:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/04/16 12:51:46 | 001,336,536 | ---- | C] () -- C:\Users\alex\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2010/02/05 18:44:08 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/01/22 14:59:33 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/01/09 16:29:24 | 000,163,706 | ---- | C] () -- C:\Windows\hpoins36.dat
[2009/07/01 09:54:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/06/30 20:25:31 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/06/24 05:40:36 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/06/20 13:03:10 | 000,000,623 | ---- | C] () -- C:\Windows\fnerr.dat
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/05/21 21:20:45 | 000,003,636 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/11/15 04:02:22 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/15 04:02:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/19 15:57:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/29 16:44:38 | 000,000,966 | ---- | C] () -- C:\Users\alex\AppData\Local\7F68A003.il
[2008/06/29 16:44:38 | 000,000,280 | ---- | C] () -- C:\Users\alex\AppData\Local\IndexIE_7F68A003.il
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 11:24:08 | 000,002,113 | ---- | C] () -- C:\Windows\APDFPRP.INI
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/04/25 11:41:09 | 000,000,905 | ---- | C] () -- C:\Windows\MD_MicroDiffs.INI
[2008/04/25 11:41:09 | 000,000,905 | ---- | C] () -- C:\Windows\MD_MacroDiffs.INI
[2008/04/25 11:38:01 | 000,000,026 | ---- | C] () -- C:\Windows\SW_Win2000X16.DLL
[2008/04/25 11:38:00 | 000,000,078 | ---- | C] () -- C:\Windows\SW_Win2000X9.DLL
[2008/04/25 11:35:35 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2008/04/25 11:35:34 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SII_PDF.dll
[2008/04/25 11:35:34 | 000,131,072 | ---- | C] () -- C:\Windows\System32\CSVSpecialProcessing.dll
[2008/04/25 11:35:33 | 000,225,280 | ---- | C] () -- C:\Windows\System32\DrakeCom.dll
[2007/11/21 18:18:24 | 000,000,046 | ---- | C] () -- C:\Users\alex\AppData\Roaming\speech.wav
[2007/10/18 19:38:06 | 000,001,900 | ---- | C] () -- C:\Windows\System32\MSMINI.DLL
[2007/10/12 19:13:13 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2007/10/12 19:13:13 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2007/10/12 19:13:13 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2007/10/12 19:13:13 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2007/10/12 19:13:13 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007/10/11 14:14:55 | 000,000,085 | ---- | C] () -- C:\Windows\QTW.INI
[2007/10/11 14:14:26 | 000,000,141 | ---- | C] () -- C:\Windows\asym.ini
[2007/08/21 20:30:33 | 000,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/07/29 12:21:19 | 000,000,120 | ---- | C] () -- C:\Users\alex\AppData\Roaming\FixVTS.ini
[2007/07/29 11:40:07 | 000,034,308 | ---- | C] () -- C:\Windows\System32\Chip.dll
[2007/07/29 11:19:49 | 000,000,000 | ---- | C] () -- C:\Users\alex\AppData\Local\rx_image.Cache
[2007/07/18 18:35:13 | 002,433,400 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2007/07/15 20:52:16 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2007/07/13 11:02:30 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/06/14 17:41:22 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/06/10 23:19:13 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/10 23:19:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/05/27 11:35:02 | 000,001,564 | ---- | C] () -- C:\Windows\mozver.dat
[2007/05/23 09:37:30 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2007/05/23 09:36:14 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2007/05/23 09:26:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/22 22:45:20 | 000,024,206 | ---- | C] () -- C:\Users\alex\AppData\Roaming\UserTile.png
[2007/05/22 19:51:53 | 000,144,896 | ---- | C] () -- C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/22 19:39:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,769,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,600,450 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2006/01/16 21:56:44 | 000,002,032 | ---- | C] () -- C:\Users\alex\AppData\Local\d3d9caps.dat
[2005/05/12 09:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:527DAC91
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:87F27901

< End of report >


___________________________________

EXTRAS LOGFILE

OTL Extras logfile created on: 8/5/2011 2:25:02 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.13% Memory free
6.19 Gb Paging File | 4.91 Gb Available in Paging File | 79.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 36.11 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 181.96 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 273.30 Gb Free Space | 58.69% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.txt [@ = UltraEdit.txt] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe (Just Great Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2442573536-1488855162-1681777626-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A61068E-AF51-47A0-AF56-654D0EABE249}" = lport=139 | protocol=6 | dir=in | app=system |
"{0EB3B3BF-1183-4FE2-85F7-1B6CC4B5159C}" = lport=445 | protocol=6 | dir=in | app=system |
"{15AFAB41-EDA5-40BD-A37C-D9A0161C2CD6}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{29CCD703-500C-4D11-B287-A47B44EFD303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B8893A0-3884-4528-BA2E-38A3F8E8CF60}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3E49A225-E678-4DDE-9015-6553E45A69B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{4038EFFB-7D71-41E1-B0AE-FD532312E8D5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6040620C-592E-408B-8E3B-AF68998902BF}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{6B78FB99-7797-4CDC-AE23-201C5766E4CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{6CEF94DE-5587-4AE9-8759-A56E662A2D0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7F18FCC7-B8E6-4A2E-86DA-95604B5DB3F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{82223F1B-E3E6-4AF4-90D6-1EFE2B915501}" = lport=137 | protocol=17 | dir=in | app=system |
"{9547474B-A7D5-42F8-9665-AF37D113CC61}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B635F82A-DD9A-4A45-8AB4-90BBC3CA0F13}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBEE5015-0BA3-4BD8-82FF-4ADC29448508}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1C45677-C154-4B69-AE03-5F86A20F65BD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0022B6F1-4189-411A-9CC7-16D3E5F85B05}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{01A318EF-1D3D-487C-A2B8-3DB7916207B9}" = protocol=1 | dir=out | [email protected],-28544 |
"{052F3C07-3AE3-493C-B8F6-0EE6A483AF2A}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{085A49E2-09B2-4678-ABD9-ABEEC723C46C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{0A759F7D-4116-422F-B650-83AF42D47233}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{0B0C296D-322E-41A3-A558-94A82EC98E62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{162569D2-1D83-47F3-A830-78F4FC792DA2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1A734372-52D7-436E-9D00-14F56413EE24}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{1F2C3B31-DF0D-4561-9D20-7EEEECE9A838}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{238CBF93-181C-496F-8FB1-E781C415D175}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{2E899EC9-FF02-4952-8A7A-E2DD62156372}" = protocol=58 | dir=in | [email protected],-28545 |
"{2F6487CB-7C36-4073-A714-C07BCEADEE7D}" = protocol=58 | dir=out | [email protected],-28546 |
"{37A15A7E-5A6B-4EDC-9799-A854FAE30C01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{38DC1F46-6EF7-49F9-A0D5-4F8CE3DFDCAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{449BB237-6993-455B-AE20-86F19B8ADB02}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F023A69-76F9-46A3-9376-2315ECFF8C3E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{56E1C7C2-C1F8-4AA9-9C99-AA23D172ED2B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{56F453EE-1FE3-4A55-AE71-1FBFC9DC97CD}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{5B167275-8EA1-47F3-BB1E-395F39E59025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5D73BD3B-F6AD-4845-9192-340FD00BE82C}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{5FAAB370-35A4-483A-A483-CF59E4FCF64A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{60547672-D26A-4754-B721-55A8FF26E7A3}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{628726BB-B120-4713-902E-C066CD1706DF}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{65B84A74-54C9-43C5-945D-A91005A71AF6}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{6B2987AF-C63B-4D82-A0E7-DD2385257BBE}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{74B015F5-4E97-43E8-A9AE-1006E413E8E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7977FF99-2CC1-4AD9-9E4A-E440A1D6D834}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{85D65DFE-7C64-4605-B6FA-21B2BAEE0218}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{85DE0597-FD17-4F0B-BF0C-7723DD3D0D46}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8668AA27-65BC-4FF0-BA9F-FACE96D6CAAD}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8FB2E442-21F5-491D-B246-EF858E4A5DD6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{91D84927-2CDB-46EB-A2B7-3F6A3A894FC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95C519AD-3160-4AE6-9BA2-67D6E6300DBA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9CC3DF03-3451-459E-BFBF-1B2FC44B9F55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9FF945C9-D3CE-4520-B082-7A36AF277AF9}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{A46D5082-54D4-465F-BDF5-3846F04DA900}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{A96EE951-91BA-4AF1-B89C-03B81A85FA06}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{ACA28629-DB9A-41E4-A47C-3A2FB436230C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AD759016-5028-437D-AAED-2C6B3F105868}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{ADCD8F4E-495B-4CAB-A4B7-29CEF2900295}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BC142752-54D9-4EFF-9C0A-EB5E480C0448}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{BE8B1420-C6D4-44B9-9833-EDFB2BB922F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C5292FCA-A910-43A7-9423-A7CD72E6456F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{D18C8CB1-D0A8-4E1F-8335-123302A1E4E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{DECA9B41-B267-45E5-8A5E-35EFEF5C926A}" = protocol=1 | dir=in | [email protected],-28543 |
"{F77037BA-60A5-4C91-91A8-0E0E3029602B}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{F8BED84C-BD7C-4C44-A02F-AB9921238143}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FA8C1F2A-F973-442F-BC31-641F67C76C82}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{FDD928EC-A61A-4073-974F-956B78406042}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"TCP Query User{1829060D-62B5-4F08-920F-F4F643EFA910}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{1D47D97C-DF02-4FC8-A5DD-89FE2FBADF2A}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"TCP Query User{2FD0CBEC-F137-4583-B05F-8B1A2ED073F2}C:\users\alex\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\alex\desktop\utorrent.exe |
"TCP Query User{30CE7D55-E1C0-40B3-80CD-DCDF04A980C4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{30D2992F-CC04-403C-B582-91E5B27266EB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{33C5C8A8-9F2E-4331-970E-3C51E70722A1}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{3834DD30-F508-4387-82C9-18E3D201DC11}C:\program files\nextup-acapela\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\nextup-acapela\bin\acatel_srv.exe |
"TCP Query User{3C0FFFAE-BDFC-4FAD-987A-8ABA0946410F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{42E4A520-A33B-48E1-80A6-B07C5E8B2F16}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{57E4977F-7AA9-4904-8DC7-C589A2A9E574}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{68D4A33F-33F1-440D-ACB9-C42DD797FD22}C:\program files\surfoffline 2\so.exe" = protocol=6 | dir=in | app=c:\program files\surfoffline 2\so.exe |
"TCP Query User{78A7EE0E-0647-4FEF-AC26-8B6D743133A3}C:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe |
"TCP Query User{7A23A9EC-9CC3-4226-9DD5-C2682FB56ED0}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe |
"TCP Query User{7D6C0D17-F4D7-4A22-9CC4-9AEBE01CCA4E}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{8678FC81-2728-4571-A37F-ACA241819491}C:\program files\adobe\adobe encore cs4\adobe encore.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe encore cs4\adobe encore.exe |
"TCP Query User{971DF3D5-F179-473A-9142-9C519389FE97}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{B42501B5-7770-427B-B2E4-C17F4C15CABA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{D881930A-685D-441A-ADCD-BD2192A33580}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DC0E3183-652B-465F-B6E3-6B0F880E66EB}C:\program files\adobe\adobe premiere pro cs4\pproheadless.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe |
"TCP Query User{E35F87D0-E203-4CB4-ACDE-DA1E1AD50D7B}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"TCP Query User{E5AD1E08-8E97-4C8D-9AC0-D5F2B0125D30}C:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe |
"TCP Query User{F8D5AF4E-0D16-46E0-80C6-4A2315567DDD}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{0AEAC2DC-E4C0-4B3C-9B8A-EDD7EF7CC11B}C:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe |
"UDP Query User{114FA411-346A-43A8-B5C5-CA666BDFE5C1}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{300CEBD4-9E15-4416-BC1D-4EC197964C6D}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"UDP Query User{357F8BF3-4F27-4CD9-ACF7-514D59D7B058}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{528A3A28-5772-452B-9660-4FC2700F0E1C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{73A88C11-E08C-44CA-9A7B-3C7BB60E1751}C:\users\alex\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\alex\desktop\utorrent.exe |
"UDP Query User{90B02371-218D-4162-887D-08DED3AF7CE0}C:\program files\surfoffline 2\so.exe" = protocol=17 | dir=in | app=c:\program files\surfoffline 2\so.exe |
"UDP Query User{A8B98736-E257-4384-A671-98A0BB6BD10D}C:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe |
"UDP Query User{AC30836C-8602-4886-BEA1-8D6BCA3F9B3E}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{AE55290B-7DB0-4B57-9860-CD4F6212650F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B79C510D-EEA7-4BC8-A83E-5F98FC70296B}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{B8DC1893-8090-4505-9ACE-BC306624C4C6}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{D61DC1C3-5A89-4A25-B516-B2E15F03AE79}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{E48796F9-B6F8-4A77-A4FA-CB7FA74EBA72}C:\program files\nextup-acapela\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\nextup-acapela\bin\acatel_srv.exe |
"UDP Query User{F160B9C5-2232-42C2-BCF2-E2ACC4A195FB}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{F204AC54-C863-42CD-AAD9-EBB595EC0075}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F441128E-475B-4F2C-A7FB-7F19F2197133}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F5FFB246-8AFC-4B90-8EB9-8BBD3E9F01D0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F8899988-8F1E-495C-87BC-673C71CFFD8E}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{FA3BB6E7-3A38-4307-B5B4-C8A94A2A6A86}C:\program files\adobe\adobe premiere pro cs4\pproheadless.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe |
"UDP Query User{FB171E7E-46D0-4D48-9CCB-0BE455293748}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe |
"UDP Query User{FD52A11E-63D4-49B6-B4DC-A4E5359AFDB9}C:\program files\adobe\adobe encore cs4\adobe encore.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe encore cs4\adobe encore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B1CCC26-8D5D-4C1D-BCFF-36821F7A365A}" = CraigsList Reader
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D87A9A8-62B0-486D-BA10-69A1F8963F43}" = NextUp-Acapela Elan Lucy22 UK English Voice
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.12
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E885D80-1F36-4A75-AD9A-B1676E484701}" = Soluto
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70E3A868-C269-4E6D-B225-862AADF7D0AF}" = Adobe Creative Suite 4 Production Premium
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.5
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E1AB809-F821-4F41-8431-44A11ED1EDBA}" = TVT7Diag
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9B20A26E-5233-474D-B83A-027D71D0DC32}" = NextUp-Acapela Elan Graham22 UK English Voice
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A595C6BC-D961-4BAD-ACB3-BE599870D1A1}" = NextUp-Acapela Elan Laura22 US English Voice
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CA842D69-22DB-456E-95C7-A5C92593C7C4}" = Adobe Setup
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0928B04-FD1F-4FF1-8834-75A21C2B836C}" = OneNote Search and Replace
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E13249D4-C0D1-42E8-AF82-A117AA008A75}_is1" = XML:Wrench
"{E140C2EC-9D11-4EA6-AED0-79762A642AF6}" = Eudora
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_36ac9dc8c9a94feb9e5886810012e78" = Adobe Creative Suite 4 Production Premium
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.1.7
"Artisteer 2" = Artisteer 2
"ASIO4ALL v2" = ASIO4ALL v2
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"BookSmart® 2.9.5 2.9.5" = BookSmart® 2.9.5 2.9.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CleanUp!" = CleanUp!
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Duplicate File Finder_is1" = Duplicate File Finder 1.1.0.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.2
"EA5B0AA7-D6AE-0996-E42A-F9BBBE08F74F" = calibre
"EditPad Lite" = Just Great Software EditPad Lite 6.6.0
"EditPad Pro 6" = Just Great Software EditPad Pro 6 DEMO 6.7.0
"FileZilla" = FileZilla (remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"IsoBuster_is1" = IsoBuster 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"LookInMyPC" = LookInMyPC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mp3tag" = Mp3tag v2.47b
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"QuickPar" = QuickPar 0.9
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SABnzbd" = SABnzbd 0.6.2
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"SUPER ©" = SUPER © Version 2010.bld.41 (Oct 31, 2010)
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TextAloud MP3_is1" = TextAloud
"ULTIMATER" = Microsoft Office Ultimate 2007
"Verbose" = Verbose Uninstall
"VLC media player" = VLC media player 1.0.0
"VobSub" = VobSub v2.23 (Remove Only)
"VueScan" = VueScan
"Winamp" = Winamp
"Winamp Backup Tool" = Winamp Backup Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.42
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.2" = ClosetMaid v1.5.2
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2011 11:26:33 AM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/14/2011 9:24:06 AM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/14/2011 12:32:23 PM | Computer Name = desktop | Source = Application Hang | ID = 1002
Description = The program Roxio_Central33.exe version 3.30.65.4 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 89c Start Time: 01cbb404c8490e3c Termination Time: 2795

Error - 1/14/2011 8:15:21 PM | Computer Name = desktop | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x168dceb0, process id 0x734, application start time
0x01cbb2ad96fe3314.

Error - 1/14/2011 8:16:40 PM | Computer Name = desktop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9c4 Start Time: 01cbb4496f693d86 Termination Time: 115

Error - 1/14/2011 9:21:46 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/16/2011 1:15:35 PM | Computer Name = desktop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1c0c Start Time: 01cbb4497ce45ef6 Termination Time: 1554

Error - 1/22/2011 6:54:26 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/23/2011 6:59:00 PM | Computer Name = desktop | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x13d6ceb0, process id 0x548, application start time
0x01cbb9bcd859965d.

Error - 1/25/2011 7:31:12 PM | Computer Name = desktop | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, time
stamp 0x4cf928fc, faulting module xul.dll, version 1.9.2.3989, time stamp 0x4cf9289d,
exception code 0xc0000005, fault offset 0x0073c279, process id 0x3ec, application
start time 0x01cbbce776b38a98.

[ Media Center Events ]
Error - 3/23/2009 12:08:21 AM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/23/2009 2:16:12 AM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/2/2009 11:50:55 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/3/2009 11:40:36 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/6/2009 11:40:44 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/25/2009 11:47:02 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/26/2009 1:52:28 AM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/3/2009 9:07:18 AM | Computer Name = desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 1/4/2011 9:20:22 PM | Computer Name = desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :unsure:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
  • 0

#3
Alexandra D. Porsi

Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
SweetTech, thank you so much for your help.

Before I posted my original email about the google redirect virus, I followed the directions here: http://www.geekstogo...ogle-redirects/

...and since I'd already tried TDSSKiller several times, I wasn't optimistic, but I think it took care of the redirect virus. I ran Gmer anyway, since I've had other problems, and this is what I got:




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 20:01:17
Windows 6.0.6001 Service Pack 1 Harddisk1\DR1 -> \Device\00000076 ST332062 rev.3.AD
Running: gmer.exe; Driver: C:\Users\alex\AppData\Local\Temp\fxldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90C05340, 0x35AB67, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\[email protected] 0xA5 0x54 0x7B 0xEE ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

No problem!

Do you have the TDSSKiller log for me to review?

It can be found in your C:\ drive.

Please also run the following scan:


Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0

#5
Alexandra D. Porsi

Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Here's the TDSS log:


2011/08/05 14:16:14.0956 0932 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/05 14:16:15.0284 0932 ================================================================================
2011/08/05 14:16:15.0284 0932 SystemInfo:
2011/08/05 14:16:15.0284 0932
2011/08/05 14:16:15.0284 0932 OS Version: 6.0.6001 ServicePack: 1.0
2011/08/05 14:16:15.0284 0932 Product type: Workstation
2011/08/05 14:16:15.0284 0932 ComputerName: DESKTOP
2011/08/05 14:16:15.0284 0932 UserName: alex
2011/08/05 14:16:15.0284 0932 Windows directory: C:\Windows
2011/08/05 14:16:15.0284 0932 System windows directory: C:\Windows
2011/08/05 14:16:15.0284 0932 Processor architecture: Intel x86
2011/08/05 14:16:15.0284 0932 Number of processors: 2
2011/08/05 14:16:15.0284 0932 Page size: 0x1000
2011/08/05 14:16:15.0284 0932 Boot type: Normal boot
2011/08/05 14:16:15.0284 0932 ================================================================================
2011/08/05 14:16:16.0597 0932 Initialize success
2011/08/05 14:16:18.0706 3148 ================================================================================
2011/08/05 14:16:18.0706 3148 Scan started
2011/08/05 14:16:18.0706 3148 Mode: Manual;
2011/08/05 14:16:18.0706 3148 ================================================================================
2011/08/05 14:16:20.0175 3148 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/08/05 14:16:20.0441 3148 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
2011/08/05 14:16:20.0612 3148 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/08/05 14:16:20.0769 3148 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/08/05 14:16:20.0862 3148 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/08/05 14:16:20.0925 3148 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/08/05 14:16:21.0034 3148 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/08/05 14:16:21.0316 3148 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/08/05 14:16:21.0800 3148 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/05 14:16:21.0847 3148 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/08/05 14:16:21.0894 3148 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/08/05 14:16:21.0941 3148 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/08/05 14:16:21.0987 3148 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/08/05 14:16:22.0019 3148 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/08/05 14:16:22.0066 3148 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/08/05 14:16:22.0128 3148 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/08/05 14:16:22.0222 3148 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\Windows\system32\drivers\ASPI32.sys
2011/08/05 14:16:22.0284 3148 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/05 14:16:22.0347 3148 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/08/05 14:16:22.0456 3148 ATIAVPCI (c445d1e73e891833a065bb8fac445f7e) C:\Windows\system32\DRIVERS\atinavrr.sys
2011/08/05 14:16:22.0550 3148 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/05 14:16:22.0612 3148 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/05 14:16:22.0737 3148 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/05 14:16:22.0784 3148 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/05 14:16:22.0816 3148 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/05 14:16:22.0862 3148 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/05 14:16:22.0894 3148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/05 14:16:22.0941 3148 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/05 14:16:23.0019 3148 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/05 14:16:23.0206 3148 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/05 14:16:23.0284 3148 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/05 14:16:23.0425 3148 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/05 14:16:23.0503 3148 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/08/05 14:16:23.0659 3148 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/08/05 14:16:23.0737 3148 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/08/05 14:16:23.0816 3148 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/05 14:16:23.0894 3148 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/08/05 14:16:23.0956 3148 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/08/05 14:16:24.0019 3148 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\Windows\system32\drivers\CT20XUT.SYS
2011/08/05 14:16:24.0050 3148 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\Windows\System32\drivers\CT20XUT.SYS
2011/08/05 14:16:24.0175 3148 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\Windows\system32\drivers\ctac32k.sys
2011/08/05 14:16:24.0284 3148 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\Windows\system32\drivers\ctaud2k.sys
2011/08/05 14:16:24.0644 3148 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\Windows\system32\drivers\ctdvda2k.sys
2011/08/05 14:16:24.0769 3148 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/08/05 14:16:24.0862 3148 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/08/05 14:16:25.0284 3148 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/08/05 14:16:25.0487 3148 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/08/05 14:16:25.0534 3148 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\Windows\system32\drivers\ctprxy2k.sys
2011/08/05 14:16:25.0675 3148 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\Windows\system32\drivers\ctsfm2k.sys
2011/08/05 14:16:25.0925 3148 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/08/05 14:16:26.0034 3148 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/08/05 14:16:26.0128 3148 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/05 14:16:26.0175 3148 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/05 14:16:26.0206 3148 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/05 14:16:26.0300 3148 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/05 14:16:26.0378 3148 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/05 14:16:26.0441 3148 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/08/05 14:16:26.0472 3148 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/05 14:16:26.0534 3148 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/08/05 14:16:26.0581 3148 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/08/05 14:16:26.0659 3148 emupia (04afe5c11777e33178ec11e1fac47b07) C:\Windows\system32\drivers\emupia2k.sys
2011/08/05 14:16:26.0753 3148 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/08/05 14:16:26.0816 3148 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/08/05 14:16:26.0862 3148 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/05 14:16:26.0941 3148 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/05 14:16:26.0987 3148 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/05 14:16:27.0034 3148 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/05 14:16:27.0206 3148 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/08/05 14:16:27.0284 3148 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/05 14:16:27.0347 3148 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/05 14:16:27.0612 3148 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\Windows\system32\drivers\ha20x2k.sys
2011/08/05 14:16:27.0691 3148 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/08/05 14:16:27.0769 3148 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/05 14:16:27.0862 3148 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/05 14:16:27.0972 3148 HidBatt (f81597498b73caba59e2f0a26ba375ae) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/05 14:16:28.0019 3148 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/05 14:16:28.0050 3148 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/05 14:16:28.0112 3148 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/05 14:16:28.0175 3148 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/08/05 14:16:28.0284 3148 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/08/05 14:16:28.0300 3148 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/08/05 14:16:28.0362 3148 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/05 14:16:28.0394 3148 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/08/05 14:16:28.0456 3148 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/05 14:16:28.0534 3148 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
2011/08/05 14:16:28.0581 3148 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/05 14:16:28.0675 3148 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/05 14:16:28.0769 3148 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/05 14:16:28.0831 3148 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/05 14:16:28.0909 3148 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/05 14:16:28.0956 3148 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/08/05 14:16:29.0050 3148 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/05 14:16:29.0128 3148 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/05 14:16:29.0175 3148 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/05 14:16:29.0237 3148 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/05 14:16:29.0269 3148 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/05 14:16:29.0394 3148 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/05 14:16:29.0487 3148 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/05 14:16:29.0534 3148 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/05 14:16:29.0581 3148 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/05 14:16:29.0612 3148 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/05 14:16:29.0659 3148 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/05 14:16:29.0737 3148 MarvinBus (d51e16339213898bc20c58670274ec3e) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/08/05 14:16:29.0784 3148 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/08/05 14:16:29.0816 3148 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/05 14:16:29.0862 3148 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/05 14:16:29.0956 3148 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/05 14:16:29.0987 3148 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/05 14:16:30.0034 3148 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/05 14:16:30.0112 3148 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/05 14:16:30.0159 3148 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/08/05 14:16:30.0425 3148 MpKsl9485d83f (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBBF0D00-CCCC-4B07-8D21-2DEAA2423B16}\MpKsl9485d83f.sys
2011/08/05 14:16:30.0706 3148 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/05 14:16:30.0784 3148 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/05 14:16:30.0847 3148 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/05 14:16:30.0909 3148 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/08/05 14:16:30.0972 3148 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/05 14:16:31.0034 3148 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/05 14:16:31.0066 3148 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/05 14:16:31.0112 3148 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
2011/08/05 14:16:31.0191 3148 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/08/05 14:16:31.0253 3148 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/05 14:16:31.0331 3148 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/05 14:16:31.0394 3148 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/05 14:16:31.0472 3148 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/05 14:16:31.0519 3148 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/05 14:16:31.0581 3148 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/08/05 14:16:31.0675 3148 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/05 14:16:31.0706 3148 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/05 14:16:31.0753 3148 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/08/05 14:16:31.0816 3148 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/05 14:16:31.0909 3148 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/08/05 14:16:31.0987 3148 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/05 14:16:32.0019 3148 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/05 14:16:32.0066 3148 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/05 14:16:32.0159 3148 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/05 14:16:32.0534 3148 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/05 14:16:32.0597 3148 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/05 14:16:32.0659 3148 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/05 14:16:32.0753 3148 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/05 14:16:32.0847 3148 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/08/05 14:16:32.0925 3148 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/05 14:16:32.0987 3148 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/08/05 14:16:33.0081 3148 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/05 14:16:33.0128 3148 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/05 14:16:33.0237 3148 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/08/05 14:16:33.0581 3148 nvlddmkm (671c58cc8dadfe2903207f299ce7a0e1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/05 14:16:33.0956 3148 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/08/05 14:16:34.0034 3148 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/05 14:16:34.0128 3148 nvstor32 (63b7838e9c272baaa7b33a0ca4ebb748) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/08/05 14:16:34.0175 3148 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/08/05 14:16:34.0378 3148 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/05 14:16:34.0472 3148 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\Windows\system32\drivers\ctoss2k.sys
2011/08/05 14:16:34.0628 3148 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/05 14:16:34.0706 3148 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/08/05 14:16:34.0753 3148 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/05 14:16:34.0800 3148 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/08/05 14:16:34.0878 3148 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/08/05 14:16:34.0925 3148 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\Windows\system32\drivers\pclepci.sys
2011/08/05 14:16:34.0956 3148 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/05 14:16:35.0019 3148 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/05 14:16:35.0175 3148 pfc (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
2011/08/05 14:16:35.0316 3148 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/05 14:16:35.0456 3148 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/08/05 14:16:35.0550 3148 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/05 14:16:35.0644 3148 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/05 14:16:35.0722 3148 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/08/05 14:16:35.0816 3148 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/05 14:16:35.0862 3148 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/05 14:16:35.0956 3148 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/05 14:16:36.0066 3148 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/05 14:16:36.0112 3148 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/05 14:16:36.0191 3148 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/05 14:16:36.0284 3148 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/05 14:16:36.0347 3148 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/05 14:16:36.0425 3148 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/05 14:16:36.0550 3148 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/08/05 14:16:36.0612 3148 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/05 14:16:36.0675 3148 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/08/05 14:16:36.0862 3148 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/05 14:16:37.0034 3148 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/05 14:16:37.0144 3148 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/05 14:16:37.0331 3148 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/05 14:16:37.0441 3148 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
2011/08/05 14:16:37.0644 3148 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/05 14:16:37.0722 3148 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/05 14:16:37.0816 3148 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/08/05 14:16:37.0862 3148 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/05 14:16:38.0003 3148 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/08/05 14:16:38.0066 3148 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/05 14:16:38.0112 3148 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/05 14:16:38.0159 3148 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/05 14:16:38.0237 3148 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/08/05 14:16:38.0284 3148 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/08/05 14:16:38.0331 3148 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/08/05 14:16:38.0441 3148 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/08/05 14:16:38.0534 3148 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\Windows\system32\DRIVERS\Soluto.sys
2011/08/05 14:16:38.0816 3148 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/05 14:16:39.0050 3148 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
2011/08/05 14:16:39.0128 3148 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/05 14:16:39.0206 3148 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/05 14:16:39.0284 3148 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/05 14:16:39.0425 3148 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/05 14:16:39.0487 3148 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/05 14:16:39.0550 3148 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/05 14:16:39.0831 3148 Tcpip (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\drivers\tcpip.sys
2011/08/05 14:16:40.0097 3148 Tcpip6 (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/05 14:16:40.0206 3148 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/05 14:16:40.0253 3148 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/05 14:16:40.0487 3148 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/05 14:16:40.0550 3148 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/05 14:16:40.0597 3148 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/05 14:16:40.0706 3148 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/05 14:16:40.0753 3148 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/05 14:16:40.0816 3148 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/05 14:16:40.0941 3148 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/08/05 14:16:41.0034 3148 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/05 14:16:41.0112 3148 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/05 14:16:41.0159 3148 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/08/05 14:16:41.0300 3148 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/05 14:16:41.0425 3148 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/05 14:16:41.0503 3148 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/05 14:16:41.0597 3148 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/08/05 14:16:41.0816 3148 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/05 14:16:41.0878 3148 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/05 14:16:41.0956 3148 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/05 14:16:42.0019 3148 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/05 14:16:42.0066 3148 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/05 14:16:42.0144 3148 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/05 14:16:42.0237 3148 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/05 14:16:42.0316 3148 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/05 14:16:42.0472 3148 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/05 14:16:42.0550 3148 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/05 14:16:42.0581 3148 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/05 14:16:42.0628 3148 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/08/05 14:16:42.0659 3148 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/08/05 14:16:42.0691 3148 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/08/05 14:16:42.0800 3148 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/05 14:16:42.0894 3148 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/08/05 14:16:43.0019 3148 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/08/05 14:16:43.0097 3148 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/08/05 14:16:43.0128 3148 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/05 14:16:43.0175 3148 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/05 14:16:43.0191 3148 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/05 14:16:43.0284 3148 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/08/05 14:16:43.0487 3148 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/05 14:16:43.0769 3148 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/05 14:16:43.0862 3148 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/05 14:16:43.0909 3148 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/05 14:16:43.0956 3148 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
2011/08/05 14:16:44.0019 3148 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
2011/08/05 14:16:44.0081 3148 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
2011/08/05 14:16:44.0159 3148 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
2011/08/05 14:16:44.0206 3148 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
2011/08/05 14:16:44.0300 3148 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/05 14:16:44.0362 3148 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/05 14:16:44.0394 3148 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/08/05 14:16:44.0909 3148 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk3\DR3
2011/08/05 14:16:44.0925 3148 Boot (0x1200) (43feb21adb9406a882922316b5ab853d) \Device\Harddisk0\DR0\Partition0
2011/08/05 14:16:44.0941 3148 Boot (0x1200) (a583a3aee885f0a9dbebfe39db018ab6) \Device\Harddisk1\DR1\Partition0
2011/08/05 14:16:44.0972 3148 Boot (0x1200) (663c60b0c4f38710958eb28e05d90211) \Device\Harddisk1\DR1\Partition1
2011/08/05 14:16:45.0019 3148 Boot (0x1200) (e475030ac620b6d630754e5a86ca5bd0) \Device\Harddisk3\DR3\Partition0
2011/08/05 14:16:45.0019 3148 ================================================================================
2011/08/05 14:16:45.0019 3148 Scan finished
2011/08/05 14:16:45.0019 3148 ================================================================================
2011/08/05 14:16:45.0019 1132 Detected object count: 0
2011/08/05 14:16:45.0019 1132 Actual detected object count: 0
2011/08/05 14:17:21.0612 0264 Deinitialize success
  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. Please post the OTL logs when you get a chance.
  • 0

#7
Alexandra D. Porsi

Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
OTL logfile created on: 8/7/2011 6:39:08 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.39% Memory free
6.19 Gb Paging File | 4.19 Gb Available in Paging File | 67.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 72.81 Gb Free Space | 25.28% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 223.49 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 273.30 Gb Free Space | 58.69% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 18:37:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL(1).exe
PRC - [2011/07/31 09:56:03 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/06/26 13:53:42 | 001,706,544 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2011/06/26 13:53:42 | 000,376,352 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 18:37:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL(1).exe
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/26 13:53:42 | 000,376,352 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/04/19 19:43:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/03 11:24:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/28 16:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/08/07 14:20:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AD8E54B-A4D7-46A5-9D4F-6F156D8BEF8B}\MpKsle44447a1.sys -- (MpKsle44447a1)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/06/26 13:34:52 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/15 01:15:42 | 000,813,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/04/06 22:24:08 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/04/06 22:24:08 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/09/17 09:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/06 15:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/21 15:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 F3 3D 06 4D B7 22 47 B1 57 05 BF 86 76 7B D5 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 F3 3D 06 4D B7 22 47 B1 57 05 BF 86 76 7B D5 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 F3 3D 06 4D B7 22 47 B1 57 05 BF 86 76 7B D5 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 F3 3D 06 4D B7 22 47 B1 57 05 BF 86 76 7B D5 [binary data]

IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.netflix.c...Now?lnkctr=mhWN
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 F3 3D 06 4D B7 22 47 B1 57 05 BF 86 76 7B D5 [binary data]
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/02/14 14:33:29 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\alex\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/20 16:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/25 15:05:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/09 18:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/13 19:46:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\alex\AppData\Roaming\Move Networks [2009/10/03 09:23:25 | 000,000,000 | ---D | M]

[2010/01/24 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions
[2010/01/24 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/08/15 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2011/08/05 14:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions
[2011/07/02 09:53:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/03 17:40:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/16 09:36:02 | 000,000,000 | ---D | M] (ChromEdit Plus) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/03/11 11:12:24 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/02/20 13:03:58 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/06/20 16:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/04 18:35:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2005/11/29 18:28:00 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPinfotl.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/05 13:55:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000..\Run: [AdobeBridge] File not found
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] File not found
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - L:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/02/12 10:36:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O33 - MountPoints2\{02af08c9-0d14-11dc-9838-0019b93a5155}\Shell - "" = AutoRun
O33 - MountPoints2\{02af08c9-0d14-11dc-9838-0019b93a5155}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{684e8748-fbba-11de-994d-00242135f33b}\Shell\AutoRun\command - "" = L:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
O33 - MountPoints2\{878b7912-03d7-11dc-a193-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{878b7912-03d7-11dc-a193-806e6f6e6963}\Shell\AutoRun\command - "" = F:\browser.exe
O33 - MountPoints2\{e4d1d592-792d-11dd-98ea-0019b93a5155}\Shell - "" = AutoRun
O33 - MountPoints2\{e4d1d592-792d-11dd-98ea-0019b93a5155}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Users\alex\Desktop\Various -
File not found -- C:\Users\alex\Desktop\New Year Flood
[2011/08/07 18:37:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL(1).exe
[2011/08/05 18:45:07 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\gmer
[2011/08/05 14:24:50 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
[2011/08/05 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\tdsskiller
[2011/08/05 14:10:42 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\GooredFix Backups
[2011/08/05 14:09:04 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\alex\Desktop\GooredFix.exe
[2011/08/05 13:55:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/05 13:54:54 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTM.exe
[2011/08/05 13:54:42 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\8-5-2011
[2011/08/05 13:53:22 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\erunt
[2011/07/28 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/28 15:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/28 15:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/28 10:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/28 10:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/28 09:46:07 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/28 09:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/07/28 09:35:01 | 006,619,456 | ---- | C] (SurfRight B.V.) -- C:\Users\alex\Desktop\HitmanPro35.exe
[2011/07/24 14:42:29 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\!for bedroom
[2011/07/15 19:47:44 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\ifoedit096
[2011/07/08 19:17:15 | 000,000,000 | ---D | C] -- C:\divx
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Users\alex\Desktop\Various -
File not found -- C:\Users\alex\Desktop\New Year Flood
[2011/08/07 18:37:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL(1).exe
[2011/08/07 18:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/07 18:25:22 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2011/08/07 18:25:22 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2011/08/07 18:25:22 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2011/08/07 18:01:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 17:03:41 | 000,026,947 | ---- | M] () -- C:\Users\alex\Desktop\Burial - Untrue .nzb
[2011/08/07 16:56:47 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 16:56:47 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 16:16:55 | 000,147,456 | ---- | M] () -- C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/07 15:37:25 | 000,039,031 | ---- | M] () -- C:\Users\alex\Desktop\Hospice The Antlers(1).nzb
[2011/08/07 12:51:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/07 00:25:23 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7A482A68-0330-4A8D-9FD3-200B36A2F2C2}.job
[2011/08/06 10:32:11 | 000,002,359 | ---- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/08/05 19:16:02 | 000,001,952 | ---- | M] () -- C:\Users\alex\Desktop\Lost Cause - Beck.nzb
[2011/08/05 19:15:41 | 000,002,386 | ---- | M] () -- C:\Users\alex\Desktop\naked as we came.nzb
[2011/08/05 19:14:50 | 000,000,924 | ---- | M] () -- C:\Users\alex\Desktop\lzaprs midi Yann tiersen .nzb
[2011/08/05 19:14:18 | 000,002,400 | ---- | M] () -- C:\Users\alex\Desktop\Erik Saties Gymnopedie No. 1.nzb
[2011/08/05 19:13:49 | 000,004,491 | ---- | M] () -- C:\Users\alex\Desktop\Tool - 10000 Days.nzb
[2011/08/05 19:12:48 | 000,003,290 | ---- | M] () -- C:\Users\alex\Desktop\Sigur Ros - Staralfur.nzb
[2011/08/05 19:12:26 | 000,008,283 | ---- | M] () -- C:\Users\alex\Desktop\Hospice The Antlers.nzb
[2011/08/05 19:09:42 | 000,002,409 | ---- | M] () -- C:\Users\alex\Desktop\Your Ex-Lover is Dead Stars.nzb
[2011/08/05 19:08:57 | 000,004,735 | ---- | M] () -- C:\Users\alex\Desktop\Radioheads How To Disappear Completely.nzb
[2011/08/05 14:24:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
[2011/08/05 14:09:29 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\alex\Desktop\GooredFix.exe
[2011/08/05 14:08:29 | 000,004,832 | ---- | M] () -- C:\Windows\System32\.rsp
[2011/08/05 14:08:29 | 000,003,053 | ---- | M] () -- C:\Windows\System32\.lck
[2011/08/05 13:55:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/05 13:54:57 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTM.exe
[2011/08/04 20:48:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/30 13:33:17 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/30 13:14:54 | 000,021,064 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/28 15:37:39 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/28 10:44:20 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/28 09:35:18 | 006,619,456 | ---- | M] (SurfRight B.V.) -- C:\Users\alex\Desktop\HitmanPro35.exe
[2011/07/25 08:49:10 | 000,744,011 | ---- | M] () -- C:\Users\alex\Desktop\adult_sized_bean_bag_chair.pdf
[2011/07/21 10:47:48 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/07/21 10:05:05 | 000,000,054 | ---- | M] () -- C:\Windows\System32\1085983136
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\alex\Desktop\gmer.exe
[2011/07/15 19:58:04 | 000,000,107 | ---- | M] () -- C:\Windows\IfoEdit.INI

========== Files Created - No Company Name ==========

[2011/08/07 17:03:41 | 000,026,947 | ---- | C] () -- C:\Users\alex\Desktop\Burial - Untrue .nzb
[2011/08/07 15:37:22 | 000,039,031 | ---- | C] () -- C:\Users\alex\Desktop\Hospice The Antlers(1).nzb
[2011/08/05 19:16:02 | 000,001,952 | ---- | C] () -- C:\Users\alex\Desktop\Lost Cause - Beck.nzb
[2011/08/05 19:15:40 | 000,002,386 | ---- | C] () -- C:\Users\alex\Desktop\naked as we came.nzb
[2011/08/05 19:14:50 | 000,000,924 | ---- | C] () -- C:\Users\alex\Desktop\lzaprs midi Yann tiersen .nzb
[2011/08/05 19:14:18 | 000,002,400 | ---- | C] () -- C:\Users\alex\Desktop\Erik Saties Gymnopedie No. 1.nzb
[2011/08/05 19:13:49 | 000,004,491 | ---- | C] () -- C:\Users\alex\Desktop\Tool - 10000 Days.nzb
[2011/08/05 19:12:48 | 000,003,290 | ---- | C] () -- C:\Users\alex\Desktop\Sigur Ros - Staralfur.nzb
[2011/08/05 19:12:26 | 000,008,283 | ---- | C] () -- C:\Users\alex\Desktop\Hospice The Antlers.nzb
[2011/08/05 19:09:42 | 000,002,409 | ---- | C] () -- C:\Users\alex\Desktop\Your Ex-Lover is Dead Stars.nzb
[2011/08/05 19:08:56 | 000,004,735 | ---- | C] () -- C:\Users\alex\Desktop\Radioheads How To Disappear Completely.nzb
[2011/08/05 18:45:08 | 000,302,592 | ---- | C] () -- C:\Users\alex\Desktop\gmer.exe
[2011/07/28 15:37:39 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/28 10:44:20 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/28 09:35:50 | 000,021,064 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/25 08:49:09 | 000,744,011 | ---- | C] () -- C:\Users\alex\Desktop\adult_sized_bean_bag_chair.pdf
[2011/07/21 10:05:05 | 000,000,054 | ---- | C] () -- C:\Windows\System32\1085983136
[2011/07/15 19:58:04 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2011/07/09 18:23:50 | 000,001,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/06/09 08:17:22 | 000,000,749 | ---- | C] () -- C:\Program Files\Common Files\Uninstall.lnk
[2011/04/02 09:19:45 | 002,440,206 | ---- | C] () -- C:\Users\alex\AppData\Local\[j0007]-[p04].bmp
[2011/04/02 09:19:43 | 002,440,206 | ---- | C] () -- C:\Users\alex\AppData\Local\[j0007]-[p03].bmp
[2011/01/01 16:32:48 | 000,134,656 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/15 09:46:35 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/09/12 19:55:38 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/06/12 19:47:53 | 000,000,411 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/19 19:42:02 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/04/19 19:42:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/04/16 12:51:46 | 001,336,536 | ---- | C] () -- C:\Users\alex\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2010/02/05 18:44:08 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/01/22 14:59:33 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/01/09 16:29:24 | 000,163,706 | ---- | C] () -- C:\Windows\hpoins36.dat
[2009/07/01 09:54:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/06/30 20:25:31 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/06/24 05:40:36 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/06/20 13:03:10 | 000,000,623 | ---- | C] () -- C:\Windows\fnerr.dat
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/05/21 21:20:45 | 000,003,636 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/11/15 04:02:22 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/15 04:02:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/19 15:57:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/29 16:44:38 | 000,000,966 | ---- | C] () -- C:\Users\alex\AppData\Local\7F68A003.il
[2008/06/29 16:44:38 | 000,000,280 | ---- | C] () -- C:\Users\alex\AppData\Local\IndexIE_7F68A003.il
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 11:24:08 | 000,002,113 | ---- | C] () -- C:\Windows\APDFPRP.INI
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/04/25 11:41:09 | 000,000,905 | ---- | C] () -- C:\Windows\MD_MicroDiffs.INI
[2008/04/25 11:41:09 | 000,000,905 | ---- | C] () -- C:\Windows\MD_MacroDiffs.INI
[2008/04/25 11:38:01 | 000,000,026 | ---- | C] () -- C:\Windows\SW_Win2000X16.DLL
[2008/04/25 11:38:00 | 000,000,078 | ---- | C] () -- C:\Windows\SW_Win2000X9.DLL
[2008/04/25 11:35:35 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2008/04/25 11:35:34 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SII_PDF.dll
[2008/04/25 11:35:34 | 000,131,072 | ---- | C] () -- C:\Windows\System32\CSVSpecialProcessing.dll
[2008/04/25 11:35:33 | 000,225,280 | ---- | C] () -- C:\Windows\System32\DrakeCom.dll
[2007/11/21 18:18:24 | 000,000,046 | ---- | C] () -- C:\Users\alex\AppData\Roaming\speech.wav
[2007/10/18 19:38:06 | 000,001,900 | ---- | C] () -- C:\Windows\System32\MSMINI.DLL
[2007/10/12 19:13:13 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2007/10/12 19:13:13 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2007/10/12 19:13:13 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2007/10/12 19:13:13 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2007/10/12 19:13:13 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007/10/11 14:14:55 | 000,000,085 | ---- | C] () -- C:\Windows\QTW.INI
[2007/10/11 14:14:26 | 000,000,141 | ---- | C] () -- C:\Windows\asym.ini
[2007/08/21 20:30:33 | 000,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/07/29 12:21:19 | 000,000,120 | ---- | C] () -- C:\Users\alex\AppData\Roaming\FixVTS.ini
[2007/07/29 11:40:07 | 000,034,308 | ---- | C] () -- C:\Windows\System32\Chip.dll
[2007/07/29 11:19:49 | 000,000,000 | ---- | C] () -- C:\Users\alex\AppData\Local\rx_image.Cache
[2007/07/18 18:35:13 | 002,433,400 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2007/07/15 20:52:16 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2007/07/13 11:02:30 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/06/14 17:41:22 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/06/10 23:19:13 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/10 23:19:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/05/27 11:35:02 | 000,001,564 | ---- | C] () -- C:\Windows\mozver.dat
[2007/05/23 09:37:30 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2007/05/23 09:36:14 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2007/05/23 09:26:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/22 22:45:20 | 000,024,206 | ---- | C] () -- C:\Users\alex\AppData\Roaming\UserTile.png
[2007/05/22 19:51:53 | 000,147,456 | ---- | C] () -- C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/22 19:39:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,769,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,600,450 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2006/01/16 21:56:44 | 000,002,032 | ---- | C] () -- C:\Users\alex\AppData\Local\d3d9caps.dat
[2005/05/12 09:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:527DAC91
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:87F27901

< End of report >


OTL Extras logfile created on: 8/7/2011 6:39:08 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.39% Memory free
6.19 Gb Paging File | 4.19 Gb Available in Paging File | 67.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 72.81 Gb Free Space | 25.28% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 223.49 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 273.30 Gb Free Space | 58.69% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"

[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.txt [@ = UltraEdit.txt] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe (Just Great Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2442573536-1488855162-1681777626-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A61068E-AF51-47A0-AF56-654D0EABE249}" = lport=139 | protocol=6 | dir=in | app=system |
"{0EB3B3BF-1183-4FE2-85F7-1B6CC4B5159C}" = lport=445 | protocol=6 | dir=in | app=system |
"{15AFAB41-EDA5-40BD-A37C-D9A0161C2CD6}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{29CCD703-500C-4D11-B287-A47B44EFD303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B8893A0-3884-4528-BA2E-38A3F8E8CF60}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3E49A225-E678-4DDE-9015-6553E45A69B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{4038EFFB-7D71-41E1-B0AE-FD532312E8D5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6040620C-592E-408B-8E3B-AF68998902BF}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{6B78FB99-7797-4CDC-AE23-201C5766E4CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{6CEF94DE-5587-4AE9-8759-A56E662A2D0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7F18FCC7-B8E6-4A2E-86DA-95604B5DB3F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{82223F1B-E3E6-4AF4-90D6-1EFE2B915501}" = lport=137 | protocol=17 | dir=in | app=system |
"{9547474B-A7D5-42F8-9665-AF37D113CC61}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B635F82A-DD9A-4A45-8AB4-90BBC3CA0F13}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBEE5015-0BA3-4BD8-82FF-4ADC29448508}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1C45677-C154-4B69-AE03-5F86A20F65BD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0022B6F1-4189-411A-9CC7-16D3E5F85B05}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{01A318EF-1D3D-487C-A2B8-3DB7916207B9}" = protocol=1 | dir=out | [email protected],-28544 |
"{052F3C07-3AE3-493C-B8F6-0EE6A483AF2A}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{085A49E2-09B2-4678-ABD9-ABEEC723C46C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{0A759F7D-4116-422F-B650-83AF42D47233}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{0B0C296D-322E-41A3-A558-94A82EC98E62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{162569D2-1D83-47F3-A830-78F4FC792DA2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1A734372-52D7-436E-9D00-14F56413EE24}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{1F2C3B31-DF0D-4561-9D20-7EEEECE9A838}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{238CBF93-181C-496F-8FB1-E781C415D175}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{2E899EC9-FF02-4952-8A7A-E2DD62156372}" = protocol=58 | dir=in | [email protected],-28545 |
"{2F6487CB-7C36-4073-A714-C07BCEADEE7D}" = protocol=58 | dir=out | [email protected],-28546 |
"{37A15A7E-5A6B-4EDC-9799-A854FAE30C01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{38DC1F46-6EF7-49F9-A0D5-4F8CE3DFDCAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{449BB237-6993-455B-AE20-86F19B8ADB02}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F023A69-76F9-46A3-9376-2315ECFF8C3E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{56E1C7C2-C1F8-4AA9-9C99-AA23D172ED2B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{56F453EE-1FE3-4A55-AE71-1FBFC9DC97CD}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{5B167275-8EA1-47F3-BB1E-395F39E59025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5D73BD3B-F6AD-4845-9192-340FD00BE82C}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{5FAAB370-35A4-483A-A483-CF59E4FCF64A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{60547672-D26A-4754-B721-55A8FF26E7A3}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{628726BB-B120-4713-902E-C066CD1706DF}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{65B84A74-54C9-43C5-945D-A91005A71AF6}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{6B2987AF-C63B-4D82-A0E7-DD2385257BBE}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{74B015F5-4E97-43E8-A9AE-1006E413E8E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7977FF99-2CC1-4AD9-9E4A-E440A1D6D834}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{85D65DFE-7C64-4605-B6FA-21B2BAEE0218}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{85DE0597-FD17-4F0B-BF0C-7723DD3D0D46}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8668AA27-65BC-4FF0-BA9F-FACE96D6CAAD}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8FB2E442-21F5-491D-B246-EF858E4A5DD6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{91D84927-2CDB-46EB-A2B7-3F6A3A894FC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95C519AD-3160-4AE6-9BA2-67D6E6300DBA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9CC3DF03-3451-459E-BFBF-1B2FC44B9F55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9FF945C9-D3CE-4520-B082-7A36AF277AF9}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{A46D5082-54D4-465F-BDF5-3846F04DA900}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{A96EE951-91BA-4AF1-B89C-03B81A85FA06}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{ACA28629-DB9A-41E4-A47C-3A2FB436230C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AD759016-5028-437D-AAED-2C6B3F105868}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{ADCD8F4E-495B-4CAB-A4B7-29CEF2900295}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BC142752-54D9-4EFF-9C0A-EB5E480C0448}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{BE8B1420-C6D4-44B9-9833-EDFB2BB922F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C5292FCA-A910-43A7-9423-A7CD72E6456F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{D18C8CB1-D0A8-4E1F-8335-123302A1E4E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{DECA9B41-B267-45E5-8A5E-35EFEF5C926A}" = protocol=1 | dir=in | [email protected],-28543 |
"{F77037BA-60A5-4C91-91A8-0E0E3029602B}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{F8BED84C-BD7C-4C44-A02F-AB9921238143}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FA8C1F2A-F973-442F-BC31-641F67C76C82}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{FDD928EC-A61A-4073-974F-956B78406042}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"TCP Query User{1829060D-62B5-4F08-920F-F4F643EFA910}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{1D47D97C-DF02-4FC8-A5DD-89FE2FBADF2A}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"TCP Query User{2FD0CBEC-F137-4583-B05F-8B1A2ED073F2}C:\users\alex\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\alex\desktop\utorrent.exe |
"TCP Query User{30CE7D55-E1C0-40B3-80CD-DCDF04A980C4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{30D2992F-CC04-403C-B582-91E5B27266EB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{33C5C8A8-9F2E-4331-970E-3C51E70722A1}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{3834DD30-F508-4387-82C9-18E3D201DC11}C:\program files\nextup-acapela\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\nextup-acapela\bin\acatel_srv.exe |
"TCP Query User{3C0FFFAE-BDFC-4FAD-987A-8ABA0946410F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{42E4A520-A33B-48E1-80A6-B07C5E8B2F16}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{57E4977F-7AA9-4904-8DC7-C589A2A9E574}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{68D4A33F-33F1-440D-ACB9-C42DD797FD22}C:\program files\surfoffline 2\so.exe" = protocol=6 | dir=in | app=c:\program files\surfoffline 2\so.exe |
"TCP Query User{78A7EE0E-0647-4FEF-AC26-8B6D743133A3}C:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe |
"TCP Query User{7A23A9EC-9CC3-4226-9DD5-C2682FB56ED0}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe |
"TCP Query User{7D6C0D17-F4D7-4A22-9CC4-9AEBE01CCA4E}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{8678FC81-2728-4571-A37F-ACA241819491}C:\program files\adobe\adobe encore cs4\adobe encore.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe encore cs4\adobe encore.exe |
"TCP Query User{971DF3D5-F179-473A-9142-9C519389FE97}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{B42501B5-7770-427B-B2E4-C17F4C15CABA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{D881930A-685D-441A-ADCD-BD2192A33580}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DC0E3183-652B-465F-B6E3-6B0F880E66EB}C:\program files\adobe\adobe premiere pro cs4\pproheadless.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe |
"TCP Query User{E35F87D0-E203-4CB4-ACDE-DA1E1AD50D7B}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"TCP Query User{E5AD1E08-8E97-4C8D-9AC0-D5F2B0125D30}C:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe |
"TCP Query User{F8D5AF4E-0D16-46E0-80C6-4A2315567DDD}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{0AEAC2DC-E4C0-4B3C-9B8A-EDD7EF7CC11B}C:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe |
"UDP Query User{114FA411-346A-43A8-B5C5-CA666BDFE5C1}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{300CEBD4-9E15-4416-BC1D-4EC197964C6D}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"UDP Query User{357F8BF3-4F27-4CD9-ACF7-514D59D7B058}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{528A3A28-5772-452B-9660-4FC2700F0E1C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{73A88C11-E08C-44CA-9A7B-3C7BB60E1751}C:\users\alex\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\alex\desktop\utorrent.exe |
"UDP Query User{90B02371-218D-4162-887D-08DED3AF7CE0}C:\program files\surfoffline 2\so.exe" = protocol=17 | dir=in | app=c:\program files\surfoffline 2\so.exe |
"UDP Query User{A8B98736-E257-4384-A671-98A0BB6BD10D}C:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe |
"UDP Query User{AC30836C-8602-4886-BEA1-8D6BCA3F9B3E}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{AE55290B-7DB0-4B57-9860-CD4F6212650F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B79C510D-EEA7-4BC8-A83E-5F98FC70296B}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{B8DC1893-8090-4505-9ACE-BC306624C4C6}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{D61DC1C3-5A89-4A25-B516-B2E15F03AE79}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{E48796F9-B6F8-4A77-A4FA-CB7FA74EBA72}C:\program files\nextup-acapela\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\nextup-acapela\bin\acatel_srv.exe |
"UDP Query User{F160B9C5-2232-42C2-BCF2-E2ACC4A195FB}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{F204AC54-C863-42CD-AAD9-EBB595EC0075}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F441128E-475B-4F2C-A7FB-7F19F2197133}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F5FFB246-8AFC-4B90-8EB9-8BBD3E9F01D0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F8899988-8F1E-495C-87BC-673C71CFFD8E}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{FA3BB6E7-3A38-4307-B5B4-C8A94A2A6A86}C:\program files\adobe\adobe premiere pro cs4\pproheadless.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe |
"UDP Query User{FB171E7E-46D0-4D48-9CCB-0BE455293748}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe |
"UDP Query User{FD52A11E-63D4-49B6-B4DC-A4E5359AFDB9}C:\program files\adobe\adobe encore cs4\adobe encore.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe encore cs4\adobe encore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B1CCC26-8D5D-4C1D-BCFF-36821F7A365A}" = CraigsList Reader
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D87A9A8-62B0-486D-BA10-69A1F8963F43}" = NextUp-Acapela Elan Lucy22 UK English Voice
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.12
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E885D80-1F36-4A75-AD9A-B1676E484701}" = Soluto
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70E3A868-C269-4E6D-B225-862AADF7D0AF}" = Adobe Creative Suite 4 Production Premium
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.5
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E1AB809-F821-4F41-8431-44A11ED1EDBA}" = TVT7Diag
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9B20A26E-5233-474D-B83A-027D71D0DC32}" = NextUp-Acapela Elan Graham22 UK English Voice
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A595C6BC-D961-4BAD-ACB3-BE599870D1A1}" = NextUp-Acapela Elan Laura22 US English Voice
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CA842D69-22DB-456E-95C7-A5C92593C7C4}" = Adobe Setup
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0928B04-FD1F-4FF1-8834-75A21C2B836C}" = OneNote Search and Replace
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E13249D4-C0D1-42E8-AF82-A117AA008A75}_is1" = XML:Wrench
"{E140C2EC-9D11-4EA6-AED0-79762A642AF6}" = Eudora
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_36ac9dc8c9a94feb9e5886810012e78" = Adobe Creative Suite 4 Production Premium
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.1.7
"Artisteer 2" = Artisteer 2
"ASIO4ALL v2" = ASIO4ALL v2
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"BookSmart® 2.9.5 2.9.5" = BookSmart® 2.9.5 2.9.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CleanUp!" = CleanUp!
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Duplicate File Finder_is1" = Duplicate File Finder 1.1.0.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.2
"EA5B0AA7-D6AE-0996-E42A-F9BBBE08F74F" = calibre
"EditPad Lite" = Just Great Software EditPad Lite 6.6.0
"EditPad Pro 6" = Just Great Software EditPad Pro 6 DEMO 6.7.0
"FileZilla" = FileZilla (remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"IsoBuster_is1" = IsoBuster 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"LookInMyPC" = LookInMyPC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mp3tag" = Mp3tag v2.47b
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"QuickPar" = QuickPar 0.9
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SABnzbd" = SABnzbd 0.6.2
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"SUPER ©" = SUPER © Version 2010.bld.41 (Oct 31, 2010)
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TextAloud MP3_is1" = TextAloud
"ULTIMATER" = Microsoft Office Ultimate 2007
"Verbose" = Verbose Uninstall
"VLC media player" = VLC media player 1.0.0
"VobSub" = VobSub v2.23 (Remove Only)
"VueScan" = VueScan
"Winamp" = Winamp
"Winamp Backup Tool" = Winamp Backup Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.42
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.2" = ClosetMaid v1.5.2
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2011 4:32:33 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/11/2011 11:26:33 AM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/14/2011 9:24:06 AM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/14/2011 12:32:23 PM | Computer Name = desktop | Source = Application Hang | ID = 1002
Description = The program Roxio_Central33.exe version 3.30.65.4 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 89c Start Time: 01cbb404c8490e3c Termination Time: 2795

Error - 1/14/2011 8:15:21 PM | Computer Name = desktop | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x168dceb0, process id 0x734, application start time
0x01cbb2ad96fe3314.

Error - 1/14/2011 8:16:40 PM | Computer Name = desktop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9c4 Start Time: 01cbb4496f693d86 Termination Time: 115

Error - 1/14/2011 9:21:46 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/16/2011 1:15:35 PM | Computer Name = desktop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1c0c Start Time: 01cbb4497ce45ef6 Termination Time: 1554

Error - 1/22/2011 6:54:26 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/23/2011 6:59:00 PM | Computer Name = desktop | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x13d6ceb0, process id 0x548, application start time
0x01cbb9bcd859965d.

[ Media Center Events ]
Error - 3/23/2009 12:08:21 AM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/23/2009 2:16:12 AM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/2/2009 11:50:55 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/3/2009 11:40:36 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/6/2009 11:40:44 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/25/2009 11:47:02 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/26/2009 1:52:28 AM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/3/2009 9:07:18 AM | Computer Name = desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 1/4/2011 9:20:22 PM | Computer Name = desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

What other issues are you experiencing with your computer?

Do you recognize these files?

[2011/04/02 09:19:45 | 002,440,206 | ---- | C] () -- C:\Users\alex\AppData\Local\[j0007]-[p04].bmp
[2011/04/02 09:19:43 | 002,440,206 | ---- | C] () -- C:\Users\alex\AppData\Local\[j0007]-[p03].bmp


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2010/08/04 18:35:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-2442573536-1488855162-1681777626-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] File not found
    O33 - MountPoints2\{02af08c9-0d14-11dc-9838-0019b93a5155}\Shell - "" = AutoRun
    O33 - MountPoints2\{02af08c9-0d14-11dc-9838-0019b93a5155}\Shell\AutoRun\command - "" = H:\autorun.exe
    O33 - MountPoints2\{684e8748-fbba-11de-994d-00242135f33b}\Shell\AutoRun\command - "" = L:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
    O33 - MountPoints2\{878b7912-03d7-11dc-a193-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{878b7912-03d7-11dc-a193-806e6f6e6963}\Shell\AutoRun\command - "" = F:\browser.exe
    O33 - MountPoints2\{e4d1d592-792d-11dd-98ea-0019b93a5155}\Shell - "" = AutoRun
    O33 - MountPoints2\{e4d1d592-792d-11dd-98ea-0019b93a5155}\Shell\AutoRun\command - "" = I:\autorun.exe
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
    [2011/07/21 10:05:05 | 000,000,054 | ---- | M] () -- C:\Windows\System32\1085983136
    [2011/07/21 10:05:05 | 000,000,054 | ---- | C] () -- C:\Windows\System32\1085983136
    [2008/06/29 16:44:38 | 000,000,966 | ---- | C] () -- C:\Users\alex\AppData\Local\7F68A003.il
    [2008/06/29 16:44:38 | 000,000,280 | ---- | C] () -- C:\Users\alex\AppData\Local\IndexIE_7F68A003.il
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:527DAC91
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:87F27901
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.
  • 0

#9
Alexandra D. Porsi

Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Thanks so much for your help. Um, now that you mention Flash, I have been getting Flash errors for the last few months. I wish I could tell you what else has been happening, but I can't. Anyway, I'll reinstall Java and Adobe reader, and in the meantime, here's the OTL log:


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SetDefaultMIDI deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SetDefaultMIDI not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02af08c9-0d14-11dc-9838-0019b93a5155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02af08c9-0d14-11dc-9838-0019b93a5155}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02af08c9-0d14-11dc-9838-0019b93a5155}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02af08c9-0d14-11dc-9838-0019b93a5155}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{684e8748-fbba-11de-994d-00242135f33b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684e8748-fbba-11de-994d-00242135f33b}\ not found.
L:\Setup.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878b7912-03d7-11dc-a193-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878b7912-03d7-11dc-a193-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878b7912-03d7-11dc-a193-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878b7912-03d7-11dc-a193-806e6f6e6963}\ not found.
File F:\browser.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4d1d592-792d-11dd-98ea-0019b93a5155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4d1d592-792d-11dd-98ea-0019b93a5155}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4d1d592-792d-11dd-98ea-0019b93a5155}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4d1d592-792d-11dd-98ea-0019b93a5155}\ not found.
File I:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
File L:\Setup.exe not found.
C:\Windows\System32\1085983136 moved successfully.
File C:\Windows\System32\1085983136 not found.
C:\Users\alex\AppData\Local\7F68A003.il moved successfully.
C:\Users\alex\AppData\Local\IndexIE_7F68A003.il moved successfully.
ADS C:\ProgramData\TEMP:527DAC91 deleted successfully.
ADS C:\ProgramData\TEMP:87F27901 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\alex\Desktop\cmd.bat deleted successfully.
C:\Users\alex\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\alex\Desktop\cmd.bat deleted successfully.
C:\Users\alex\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: alex
->Temp folder emptied: 57231 bytes
->Temporary Internet Files folder emptied: 320650 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 565072995 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6905 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Premiere Alex
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89338 bytes
RecycleBin emptied: 232552873 bytes

Total Files Cleaned = 761.00 mb


[EMPTYFLASH]

User: alex
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Premiere Alex

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08072011_194806

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay, after you update Java and Adobe Reader do the following:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0

Advertisements


#11
Alexandra D. Porsi

Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I'm a little nervous about ComboFix...? It's pretty safe to use? Also, I'm not sure how I'd disable MS Security Essentials. Thanks again!
  • 0

#12
Alexandra D. Porsi

Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Okay, I figured out how to disable Security Essentials.
  • 0

#13
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Yes, ComboFix is safe to use.
  • 0

#14
Alexandra D. Porsi

Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Okay, here's the ComboFix log:


ComboFix 11-08-07.03 - alex 08/08/2011 9:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2037 [GMT -4:00]
Running from: c:\users\alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\90210.exe
C:\apnet.exe
c:\program files\Common Files\Uninstall.lnk
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\Setup.exe
c:\users\alex\AppData\Roaming\AD ON Multimedia
c:\users\alex\AppData\Roaming\Adobe\plugs
c:\users\alex\AppData\Roaming\Adobe\shed
c:\users\alex\AppData\Roaming\Microsoft\Windows\Cookies\Index_05970870.dat
c:\users\alex\AppData\Roaming\Microsoft\Windows\Cookies\IndexIE_05970870.dat
c:\windows\jestertb.dll
c:\windows\system32\Chip.dll
c:\windows\system32\Ijl11.dll
L:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-08 00:21 . 2011-08-08 00:21 -------- d-----w- c:\program files\Common Files\Java
2011-08-08 00:19 . 2011-08-08 00:19 -------- d-----w- c:\program files\Java
2011-08-07 23:48 . 2011-08-07 23:48 -------- d-----w- C:\_OTL
2011-08-05 17:55 . 2011-08-05 17:55 -------- d-----w- C:\_OTM
2011-07-28 19:37 . 2011-07-28 19:37 -------- d-----w- c:\users\alex\AppData\Roaming\SUPERAntiSpyware.com
2011-07-28 19:37 . 2011-07-28 19:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-28 14:04 . 2011-07-28 14:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-28 13:46 . 2011-07-30 17:33 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-28 13:35 . 2011-07-30 17:14 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-28 13:35 . 2011-07-28 13:46 -------- d-----w- c:\programdata\Hitman Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 00:19 . 2010-08-04 14:29 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-13 03:39 . 2011-08-07 18:19 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AD8E54B-A4D7-46A5-9D4F-6F156D8BEF8B}\mpengine.dll
2011-07-13 03:39 . 2010-04-18 05:41 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-06 23:52 . 2011-04-20 21:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-04-20 21:46 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 13:28 . 2011-06-30 13:28 1409 ----a-w- c:\windows\QTFont.for
2011-06-26 17:34 . 2011-05-20 01:35 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-06-20 20:19 . 2011-05-21 19:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-16 04:17 . 2011-03-23 22:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-08-31 611712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^systemcleaner.lnk]
path=c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemcleaner.lnk
backup=c:\windows\pss\systemcleaner.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-11 23:54 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-11-28 20:56 19456 ----a-w- c:\windows\System32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-04 04:55 25600 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTXFIREG]
2009-06-04 04:50 47104 ----a-w- c:\windows\System32\CTxfiReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-11-17 21:19 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 19:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 15:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 18:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 13:07 8497696 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-13 21:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Shuffle]
2008-04-17 05:28 818176 ----a-w- c:\program files\Taskbar Shuffle\taskbarshuffle.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-10 00:27 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-09-28 20:46 155648 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 12:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2442573536-1488855162-1681777626-1000]
"EnableNotificationsRef"=dword:00000002
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 MpKsl1bf23d6f;MpKsl1bf23d6f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89084963-FA40-4093-95AB-92A2054D77EF}\MpKsl1bf23d6f.sys [x]
R1 MpKsl3337b657;MpKsl3337b657;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D42C7F1-630E-45D2-94BD-ED6D6BB35ABB}\MpKsl3337b657.sys [x]
R1 MpKsl6ee2ca1b;MpKsl6ee2ca1b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{637DB2EB-08EE-4433-90DE-33436FE482C5}\MpKsl6ee2ca1b.sys [x]
R1 MpKsl7904df78;MpKsl7904df78;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6424A73B-6D03-48AB-AC20-B803FDDF49A4}\MpKsl7904df78.sys [x]
R1 MpKsl982dcb7b;MpKsl982dcb7b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{100D4037-5838-4345-85AF-128DB00068CD}\MpKsl982dcb7b.sys [x]
R1 MpKslc2eb13ce;MpKslc2eb13ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4DDE71D-CE56-41FA-ADAF-707584B08998}\MpKslc2eb13ce.sys [x]
R1 MpKslce392ecd;MpKslce392ecd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89084963-FA40-4093-95AB-92A2054D77EF}\MpKslce392ecd.sys [x]
R1 MpKslf36d410e;MpKslf36d410e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BC73FE5-04FB-4C60-8B4E-640442CCB045}\MpKslf36d410e.sys [x]
R2 gupdate1c931484e656eb;Google Update Service (gupdate1c931484e656eb);c:\program files\Google\Update\GoogleUpdate.exe [2008-10-18 133104]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-19 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2008-10-18 133104]
R3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2011-06-26 51144]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-06-26 376352]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-13 00:47]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-18 17:36]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-18 17:36]
.
2011-08-08 c:\windows\Tasks\User_Feed_Synchronization-{7A482A68-0330-4A8D-9FD3-200B36A2F2C2}.job
- c:\windows\system32\msfeedssync.exe [2009-05-22 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.tumblr.com/dashboard
FF - prefs.js: keyword.URL - hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-34281086.sys
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-CalibrizeResume - c:\program files\Calibrize\CalibrizeResume.exe
MSConfigStartUp-CGFLoader - c:\program files\Calibrize\CalibrizeLoader.exe
MSConfigStartUp-FusionDesk - c:\program files\FusionDesk\FusionDesk.exe
MSConfigStartUp-Google Update - c:\users\alex\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
"Progid"="ACDSee Pro 2.5.pcd"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\ACDSee9.exe"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-08-08 10:00:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-08 14:00
.
Pre-Run: 75,451,875,328 bytes free
Post-Run: 75,261,964,288 bytes free
.
- - End Of File - - 0B4111099161799B61B67B811F87DBBA
  • 0

#15
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Your logs are looking better!

Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP