[noluv]

CLEANED MY COMPUTER FROM MALWARE INFECTION BUT NOW EXE FILES WILL NOT LOAD...IT SAYS CHOOSE WHICH PROGRAM YOU WOULD LIKE TO TO USE TO OPEN EXE FILE.
I NO LONGER HAVE THE ANTIVIRUS 2012 INFECTION..JUST CANT LOAD ANY EXE FILES ANY HELP WOULD BE APPRECIATED I DO ALOT OF WORK FROM MY COMPUTER THANKS

[Advertisements]

Hello noluv and welcome to my office here at G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

• Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
• Absence of symptoms does not always mean the computer is clean
• Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
• Please DO NOT run any scans or fix on your own without my direction.
• Please read all of my response through at least once before attempting to follow the procedures described.
• If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
• You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first

• Download TheKiller to your Desktop
• Note that TheKiller is renamed as explorer.exe
• Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
• Press OK button after program finish
• Do not restart your system after this step

NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

Download OTL to your Desktop

• Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  . Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

• OTL log
• OTL Extras log

It would be helpful if you could post each log in separate post

[maliprog]

Hello noluv and welcome to my office here at G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

• Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
• Absence of symptoms does not always mean the computer is clean
• Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
• Please DO NOT run any scans or fix on your own without my direction.
• Please read all of my response through at least once before attempting to follow the procedures described.
• If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
• You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first

• Download TheKiller to your Desktop
• Note that TheKiller is renamed as explorer.exe
• Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
• Press OK button after program finish
• Do not restart your system after this step

NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

Download OTL to your Desktop

• Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  . Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

• OTL log
• OTL Extras log

It would be helpful if you could post each log in separate post

[noluv]

thanks for responding and happy new year
i tried the killer but unfortunately i cant run exe files lol
which is the reason im having problems and contacted geekstogo
i also tried to dl otl and it jus pulled up a blank screen
sorry

[maliprog]

OK. Try to download and run this version. This is not exe file so you should be able run it.

• Download TheKiller.scr to your Desktop
• Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
• Press OK button after program finish
• Do not restart your system after this step

NOTE: If malware blocks TheKiller from running please try to run it several more times

[noluv]

finally got killer to work somehow and now everythings works
heres otl text
OTL logfile created on: 1/3/2012 3:26:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 77.62% Memory free
11.74 Gb Paging File | 10.34 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 36.81 Gb Free Space | 13.13% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/03 15:25:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raw from Noluv\Downloads\OTL.scr
PRC - [2011/11/09 01:25:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 01:25:41 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 18:50:31 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2011/10/25 09:59:16 | 000,244,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/15 13:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2010/12/15 13:54:30 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/22 11:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/15 13:35:56 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/06/20 22:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/06/20 22:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/20 22:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.1-x64-SP1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.startnow....on=6.1-x64-SP1"
FF - prefs.js..keyword.URL: "http://www.startnow....6.1-x64-SP1&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50808

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Raw from Noluv\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/19 09:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 14:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2011/08/18 00:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 01:25:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/15 03:29:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/19 09:24:51 | 000,000,000 | ---D | M]

[2011/08/29 17:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Extensions
[2011/12/16 10:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions
[2011/11/25 19:31:15 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/12/16 10:23:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{ab6dffa4-7154-4038-942b-d7105117b17b}
[2011/09/08 17:39:22 | 000,002,270 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\searchplugins\bing-zugo.xml
[2011/11/09 01:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/09 01:25:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/09 01:25:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.startnow....ion=6.1-x64-SP1
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: FS Extension = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpgkjhpjldibdbbppfcabadmpfenkdfe\1.0.0.3394_0\
CHR - Extension: FS Extension = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpgkjhpjldibdbbppfcabadmpfenkdfe\1.0.0.3394_0\.svn\text-base\.svn-base
CHR - Extension: Gmail = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/11/14 18:16:09 | 000,001,768 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 46.4.179.109 google.com
O1 - Hosts: 46.4.179.109 yahoo.com
O1 - Hosts: 46.4.179.109 bing.com
O1 - Hosts: 46.4.179.109 facebook.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [FileServe Manager Task] C:\Program Files (x86)\FileServe Manager\FSStarter.exe (FileServe Limited)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AppleOnlineUpdate] C:\ProgramData\AppleOnlineUpdate.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Raw from Noluv\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize File not found
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: bdsripcab https://media.bdsrea...s/bdsripcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A522D6-3EB1-4214-92E4-66EC7F125DEE}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 05:13:50 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{E74A29E4-8D6E-4763-82AF-D976F89CB936}
[2011/12/28 05:13:39 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{A1128600-9750-4CA3-93BE-D8CC8DE3EC88}
[2011/12/25 20:11:18 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{B24AC08D-06E8-45A1-B8C7-06B2CD537F75}
[2011/12/25 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{74EB58F1-DE2A-4BE8-B578-26EB71B9B53D}
[2011/12/25 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{58DECD5D-F2A4-49E8-B174-4B949217F103}
[2011/12/24 21:00:06 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{73DD6DE7-3B4A-47E9-B6B0-BA03951A7B77}
[2011/12/24 20:14:44 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{89195B15-22DA-4977-A38D-5F7E28B12A2E}
[2011/12/24 19:59:58 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{BECBCF58-6118-472E-90C1-B775A4B497B1}
[2011/12/24 18:57:20 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{BB058574-BA9E-4682-906D-0ADAE52B69B8}
[2011/12/16 23:47:26 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{FC7E1640-D09C-4695-B5BC-0C3F0CD4024A}
[2011/12/16 18:59:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{70B794F1-1209-4F7E-98E6-0904BEEA3149}
[2011/12/16 10:23:23 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\AppleOnlineUpdate.dll
[2011/12/15 08:21:53 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{B7F147D6-8260-49D4-92BF-32D26EB0A30D}
[2011/12/15 08:20:36 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{78317BCF-D050-49A6-9485-88D8E74EFC6D}
[3 C:\Users\Raw from Noluv\Documents\*.tmp files -> C:\Users\Raw from Noluv\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/03 15:28:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job
[2012/01/03 15:20:41 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/03 15:20:41 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job
[2012/01/03 15:20:41 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/01/03 15:17:05 | 000,744,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/03 15:17:05 | 000,637,488 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/03 15:17:05 | 000,111,346 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/03 15:15:51 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job
[2012/01/03 15:15:49 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/03 15:15:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/02 17:15:25 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job
[2012/01/02 03:18:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 03:18:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 03:09:08 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 21:33:10 | 000,008,310 | -HS- | M] () -- C:\Users\Raw from Noluv\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/25 21:33:10 | 000,008,310 | -HS- | M] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/25 20:48:57 | 000,001,133 | ---- | M] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/25 20:48:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 20:30:57 | 000,709,968 | ---- | M] () -- C:\Windows\is-FR598.exe
[2011/12/25 20:30:57 | 000,010,498 | ---- | M] () -- C:\Windows\is-FR598.msg
[2011/12/25 20:30:57 | 000,000,393 | ---- | M] () -- C:\Windows\is-FR598.lst
[2011/12/24 18:55:50 | 000,001,189 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\vso_ts_preview.xml
[2011/12/15 08:19:35 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaw from Noluv.job
[2011/12/15 08:19:20 | 004,980,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/14 13:24:32 | 000,000,113 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\default.pls
[3 C:\Users\Raw from Noluv\Documents\*.tmp files -> C:\Users\Raw from Noluv\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/25 20:30:57 | 000,709,968 | ---- | C] () -- C:\Windows\is-FR598.exe
[2011/12/25 20:30:57 | 000,010,498 | ---- | C] () -- C:\Windows\is-FR598.msg
[2011/12/25 20:30:57 | 000,000,393 | ---- | C] () -- C:\Windows\is-FR598.lst
[2011/12/25 20:06:14 | 000,001,133 | ---- | C] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/25 20:06:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/24 19:01:33 | 000,008,310 | -HS- | C] () -- C:\Users\Raw from Noluv\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/24 19:01:33 | 000,008,310 | -HS- | C] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
[2011/11/28 12:21:40 | 000,010,196 | -HS- | C] () -- C:\Users\Raw from Noluv\AppData\Local\cmxsyq6w8mug1qrb2ubg5m734u3w
[2011/11/28 12:21:40 | 000,010,196 | -HS- | C] () -- C:\ProgramData\cmxsyq6w8mug1qrb2ubg5m734u3w
[2011/10/13 20:30:01 | 000,200,517 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:30:01 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/10/13 19:22:40 | 000,200,305 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 19:22:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/05/16 17:08:01 | 000,001,854 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\GhostObjGAFix.xml
[2011/04/29 23:21:48 | 000,005,120 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 01:33:28 | 000,001,189 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\vso_ts_preview.xml
[2011/04/08 16:12:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/27 21:07:42 | 000,000,113 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\default.pls
[2011/01/19 09:45:49 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/14 18:22:13 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/01/02 20:35:52 | 000,000,000 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\chrtmp
[2010/12/26 22:15:11 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/12/25 13:03:10 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/20 03:48:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/20 03:39:38 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/20 03:39:38 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/07/11 01:09:02 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/11 00:08:27 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/13 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Acoustica
[2011/02/02 17:10:35 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Azureus
[2011/12/16 18:57:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\B9178
[2010/12/26 22:30:13 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\BITS
[2011/11/14 18:16:07 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\BS11ibbD3on4aH6
[2011/11/14 18:15:52 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\C1iibbD3onG
[2011/03/13 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/10 17:12:06 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\DMCache
[2010/12/31 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\DVDCreator
[2011/12/16 18:57:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\E24B9
[2010/12/26 23:30:08 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FlashGet
[2010/12/26 22:14:54 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FlashGetBHO
[2011/06/22 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FrostWire
[2011/11/14 19:44:00 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\fZZZqYCCwk
[2011/11/14 18:16:08 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\KJJJ7ffEL8
[2011/07/11 20:35:00 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\MPEG Streamclip
[2011/08/16 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\ooVoo Details
[2011/03/31 17:02:21 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\OpenCandy
[2011/03/17 13:25:58 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\PACE Anti-Piracy
[2011/12/25 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Raptr
[2011/11/14 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\roop77KRhVeItPy
[2011/04/08 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Sierra Wireless
[2011/01/28 09:52:44 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\SoftGrid Client
[2011/03/17 13:31:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/19 09:47:03 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\TP
[2011/08/25 10:20:14 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Uniblue
[2011/01/02 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\VitySoft
[2011/12/24 18:55:51 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Vso
[2011/01/14 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\WildTangent
[2011/02/08 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Windows Live Writer
[2011/03/31 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Xilisoft
[2011/11/14 19:58:02 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/01/02 17:15:25 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job
[2012/01/03 15:15:51 | 000,000,964 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job
[2012/01/03 15:20:41 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/12/25 20:33:59 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/10 22:48:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/01/02 18:48:28 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) MD5=68A2BFF920C4D32644F97942756FB2B4 -- C:\Users\Raw from Noluv\Downloads\explorer.exe
[2010/07/10 22:45:08 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/10 22:48:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/07/10 22:45:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/10 22:48:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/07/10 22:45:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/10 22:48:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/07/10 22:45:08 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/07/10 22:48:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/07/10 22:48:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 01:25:40 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 01:25:40 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 01:25:40 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 01:25:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/31 17:12:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/31 17:12:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/31 17:12:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/03/31 17:12:40 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/03/31 17:12:40 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/09 01:25:40 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/09 01:25:40 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/09 01:25:40 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/11/09 01:25:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: FIREFOX.EXE -SAFE-MODE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\RAW FROM NOLUV\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\RAW FROM NOLUV\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\RAW FROM NOLUV\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\RAW FROM NOLUV\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/03/31 17:12:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/03/31 17:12:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/03/31 17:12:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/03/31 17:12:40 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: IEXPLORE.EXE [2011/03/31 17:12:40 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 951 bytes -> C:\Users\Raw from Noluv\AppData\Local\w2SIeQcTKAhYe4D:H7Cyqplf3icAKo7cs

< End of report >

Edited by noluv, 03 January 2012 - 02:52 PM.

[noluv]

extras
OTL Extras logfile created on: 1/3/2012 3:26:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 77.62% Memory free
11.74 Gb Paging File | 10.34 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 36.81 Gb Free Space | 13.13% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4647BF57-21C4-4BC8-BA1B-E57A30EE1D31}" = Sprint SmartView
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F69E48F2-94B0-4272-845C-5F21F2A9815F}" = HP Photosmart Printer Driver Software 13.0 Rel. 2
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{154F0971-04E6-49DB-9E9D-EE0108EC213A}" = PS_SF_02_ProductContext
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1" = FileServe Manager 1.0.0.3394
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{656C6151-03B2-4077-8E29-0950037FC8B4}" = Avid Codecs LE
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{8232F780-08F1-4894-AA3E-76529901E391}" = PS_SF_02_Software
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C64A995B-1A93-48CE-B93B-1EEDB096CBD7}" = PS_SF_02_Software_Min
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E797E7D2-D68C-4cb1-80D2-16049A8FBFB8}" = D5300_Help
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F306C5B6-70C5-4FDC-8C22-BEC5957579E4}" = D5300
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cinema Craft Encoder SP3" = Cinema Craft Encoder SP3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"oovootoolbar" = ooVoo Toolbar
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Raptr" = Raptr
"RealAlt_is1" = Real Alternative 1.9.0
"Search Toolbar" = Search Toolbar
"StartNow Toolbar" = StartNow Toolbar
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Video Convert Master_is1" = Video Convert Master 11.0.11.27
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Xilisoft Audio Converter 6" = Xilisoft Audio Converter 6
"Xilisoft CD Ripper 6" = Xilisoft CD Ripper 6
"Xilisoft DVD Ripper Platinum 6" = Xilisoft DVD Ripper Platinum 6
"Xilisoft Video Converter Standard 6" = Xilisoft Video Converter Standard 6
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2011 1:19:48 AM | Computer Name = MMG | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/15/2011 1:19:51 AM | Computer Name = MMG | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/15/2011 1:19:51 AM | Computer Name = MMG | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/15/2011 7:01:50 PM | Computer Name = MMG | Source = Google Update | ID = 20
Description =

Error - 11/17/2011 3:55:29 AM | Computer Name = MMG | Source = Google Update | ID = 20
Description =

Error - 11/17/2011 12:26:47 PM | Computer Name = MMG | Source = Application Error | ID = 1000
Description = Faulting application name: lvvm.exe, version: 0.0.0.0, time stamp:
0x433ae654 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x005c8b2b Faulting process id: 0x1fe8 Faulting application
start time: 0x01cca545afd975db Faulting application path: C:\Users\Raw from Noluv\AppData\Roaming\B9178\lvvm.exe
Faulting
module path: unknown Report Id: f16ea3da-1138-11e1-9bb5-78acc03e8bd9

Error - 11/17/2011 12:27:10 PM | Computer Name = MMG | Source = Application Error | ID = 1000
Description = Faulting application name: lvvm.exe, version: 0.0.0.0, time stamp:
0x433ae654 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00628b2b Faulting process id: 0x11ec Faulting application
start time: 0x01cca545bea4735e Faulting application path: C:\Users\Raw from Noluv\AppData\Roaming\B9178\lvvm.exe
module path: unknown Report Id: feec34ec-1138-11e1-9bb5-78acc03e8bd9

Error - 11/17/2011 4:53:43 PM | Computer Name = MMG | Source = Google Update | ID = 20
Description =

Error - 11/18/2011 12:33:22 AM | Computer Name = MMG | Source = Google Update | ID = 20
Description =

Error - 11/18/2011 3:45:05 PM | Computer Name = MMG | Source = Google Update | ID = 20
Description =

[ Hewlett-Packard Events ]
Error - 12/30/2011 10:44:29 PM | Computer Name = MMG | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 5882 Ram
Utilization: 20 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 12/30/2011 10:46:10 PM | Computer Name = MMG | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259HPSFMsgr.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 5882 Ram
Utilization: 20 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 12/31/2011 11:01:14 PM | Computer Name = MMG | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 5882 Ram
Utilization: 10 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 12/31/2011 11:01:16 PM | Computer Name = MMG | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259HPSFMsgr.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 5882 Ram
Utilization: 10 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 1/2/2012 4:13:10 AM | Computer Name = MMG | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 5882 Ram
Utilization: 20 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 1/2/2012 4:13:13 AM | Computer Name = MMG | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259HPSFMsgr.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 5882 Ram
Utilization: 20 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 1/2/2012 4:19:29 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5882 Ram Utilization: 30 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 1/2/2012 4:20:19 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5882 Ram Utilization: 30 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 1/2/2012 4:21:09 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5882 Ram Utilization: 30 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 1/2/2012 4:21:33 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5882 Ram Utilization: 30 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

[ HP Wireless Assistant Events ]
Error - 12/25/2010 7:01:20 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/25/2010 7:02:28 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/25/2010 7:03:36 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/25/2010 7:04:44 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/25/2010 7:05:51 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/22/2011 10:40:40 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/14/2011 8:49:04 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/19/2011 6:55:05 AM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/22/2011 9:48:53 AM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/14/2011 9:48:24 AM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7034
Description = The HP Software Framework Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7031
Description = The RtVOsdService Installer service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7034
Description = The HP Wireless Assistant Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7031
Description = The HP Support Assistant Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7031
Description = The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 120000 milliseconds: Restart the service.

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7031
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7034
Description = The Client Virtualization Handler service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/3/2012 4:20:41 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >

[maliprog]

Hi noluv,

Glad to hear that. We still have work to do...

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
  O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
  O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
  O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
  O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
  O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
  O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
  O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
  O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
  [2011/12/28 05:13:50 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{E74A29E4-8D6E-4763-82AF-D976F89CB936}
  [2011/12/28 05:13:39 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{A1128600-9750-4CA3-93BE-D8CC8DE3EC88}
  [2011/12/25 20:11:18 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{B24AC08D-06E8-45A1-B8C7-06B2CD537F75}
  [2011/12/25 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{74EB58F1-DE2A-4BE8-B578-26EB71B9B53D}
  [2011/12/25 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{58DECD5D-F2A4-49E8-B174-4B949217F103}
  [2011/12/24 21:00:06 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{73DD6DE7-3B4A-47E9-B6B0-BA03951A7B77}
  [2011/12/24 20:14:44 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{89195B15-22DA-4977-A38D-5F7E28B12A2E}
  [2011/12/24 19:59:58 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{BECBCF58-6118-472E-90C1-B775A4B497B1}
  [2011/12/24 18:57:20 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{BB058574-BA9E-4682-906D-0ADAE52B69B8}
  [2011/12/16 23:47:26 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{FC7E1640-D09C-4695-B5BC-0C3F0CD4024A}
  [2011/12/16 18:59:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{70B794F1-1209-4F7E-98E6-0904BEEA3149}
  [2011/12/15 08:21:53 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{B7F147D6-8260-49D4-92BF-32D26EB0A30D}
  [2011/12/15 08:20:36 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\{78317BCF-D050-49A6-9485-88D8E74EFC6D}
  [2011/12/25 21:33:10 | 000,008,310 | -HS- | M] () -- C:\Users\Raw from Noluv\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
  [2011/12/25 21:33:10 | 000,008,310 | -HS- | M] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
  [2011/11/28 12:21:40 | 000,010,196 | -HS- | C] () -- C:\Users\Raw from Noluv\AppData\Local\cmxsyq6w8mug1qrb2ubg5m734u3w
  [2011/11/28 12:21:40 | 000,010,196 | -HS- | C] () -- C:\ProgramData\cmxsyq6w8mug1qrb2ubg5m734u3w
  [2011/11/14 18:16:07 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\BS11ibbD3on4aH6
  [2011/11/14 18:15:52 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\C1iibbD3onG
  [2011/11/14 19:44:00 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\fZZZqYCCwk
  [2011/11/14 18:16:08 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\KJJJ7ffEL8
  [2011/11/14 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\roop77KRhVeItPy
  @Alternate Data Stream - 951 bytes -> C:\Users\Raw from Noluv\AppData\Local\w2SIeQcTKAhYe4D:H7Cyqplf3icAKo7cs
  
  :Files
  C:\Users\Raw from Noluv\AppData\Local\w2SIeQcTKAhYe4D
  C:\Users\Raw from Noluv\AppData\Roaming\BS11ibbD3on4aH6
  C:\ProgramData\cmxsyq6w8mug1qrb2ubg5m734u3w
  C:\Users\Raw from Noluv\AppData\Local\cmxsyq6w8mug1qrb2ubg5m734u3w
  C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
  C:\Users\Raw from Noluv\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please update Malwarebytes and run Quick Scan. Post the log after the scan.

Step 3

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.

• Extract the zip file to its own folder.
• Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
• Click Start scan to start scanning.
• If infection is detected, the default setting for "action" should be Cure
  
  • (If suspicious file is detected please click on it and change it to Skip).
• Click Continue button
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 4


Please don't forget to include these items in your reply:

• OTL fix log
• Malwarebytes log
• TDSSKiller log

It would be helpful if you could post each log in separate post

[noluv]

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}\ deleted successfully.
C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Raw from Noluv\AppData\Local\{E74A29E4-8D6E-4763-82AF-D976F89CB936} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{A1128600-9750-4CA3-93BE-D8CC8DE3EC88} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{B24AC08D-06E8-45A1-B8C7-06B2CD537F75} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{74EB58F1-DE2A-4BE8-B578-26EB71B9B53D} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{58DECD5D-F2A4-49E8-B174-4B949217F103} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{73DD6DE7-3B4A-47E9-B6B0-BA03951A7B77} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{89195B15-22DA-4977-A38D-5F7E28B12A2E} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{BECBCF58-6118-472E-90C1-B775A4B497B1} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{BB058574-BA9E-4682-906D-0ADAE52B69B8} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{FC7E1640-D09C-4695-B5BC-0C3F0CD4024A} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{70B794F1-1209-4F7E-98E6-0904BEEA3149} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{B7F147D6-8260-49D4-92BF-32D26EB0A30D} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\{78317BCF-D050-49A6-9485-88D8E74EFC6D} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x moved successfully.
C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x moved successfully.
C:\Users\Raw from Noluv\AppData\Local\cmxsyq6w8mug1qrb2ubg5m734u3w moved successfully.
C:\ProgramData\cmxsyq6w8mug1qrb2ubg5m734u3w moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\BS11ibbD3on4aH6 folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\C1iibbD3onG folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\fZZZqYCCwk folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\KJJJ7ffEL8 folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\roop77KRhVeItPy folder moved successfully.
ADS C:\Users\Raw from Noluv\AppData\Local\w2SIeQcTKAhYe4D:H7Cyqplf3icAKo7cs deleted successfully.
========== FILES ==========
C:\Users\Raw from Noluv\AppData\Local\w2SIeQcTKAhYe4D folder moved successfully.
File\Folder C:\Users\Raw from Noluv\AppData\Roaming\BS11ibbD3on4aH6 not found.
File\Folder C:\ProgramData\cmxsyq6w8mug1qrb2ubg5m734u3w not found.
File\Folder C:\Users\Raw from Noluv\AppData\Local\cmxsyq6w8mug1qrb2ubg5m734u3w not found.
File\Folder C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x not found.
File\Folder C:\Users\Raw from Noluv\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Raw from Noluv
->Temp folder emptied: 90076830 bytes
->Temporary Internet Files folder emptied: 7163820 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58007838 bytes
->Google Chrome cache emptied: 187408062 bytes
->Flash cache emptied: 7592 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16994721 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 16019698577 bytes

Total Files Cleaned = 15,621.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01042012_192638

Files\Folders moved on Reboot...
C:\Users\Raw from Noluv\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

[noluv]

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Raw from Noluv :: MMG [administrator]

1/4/2012 7:35:14 PM
mbam-log-2012-01-04 (19-35-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186829
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Raw from Noluv\Downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

[noluv]

19:51:06.0662 5280 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:51:07.0097 5280 ============================================================
19:51:07.0097 5280 Current date / time: 2012/01/04 19:51:07.0097
19:51:07.0097 5280 SystemInfo:
19:51:07.0097 5280
19:51:07.0097 5280 OS Version: 6.1.7601 ServicePack: 1.0
19:51:07.0097 5280 Product type: Workstation
19:51:07.0097 5280 ComputerName: MMG
19:51:07.0098 5280 UserName: Raw from Noluv
19:51:07.0098 5280 Windows directory: C:\Windows
19:51:07.0098 5280 System windows directory: C:\Windows
19:51:07.0098 5280 Running under WOW64
19:51:07.0098 5280 Processor architecture: Intel x64
19:51:07.0098 5280 Number of processors: 2
19:51:07.0098 5280 Page size: 0x1000
19:51:07.0098 5280 Boot type: Normal boot
19:51:07.0098 5280 ============================================================
19:51:08.0924 5280 Initialize success
19:51:11.0345 4668 ============================================================
19:51:11.0345 4668 Scan started
19:51:11.0345 4668 Mode: Manual;
19:51:11.0345 4668 ============================================================
19:51:12.0534 4668 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:51:12.0560 4668 1394ohci - ok
19:51:12.0768 4668 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:51:12.0776 4668 ACPI - ok
19:51:12.0818 4668 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:51:12.0821 4668 AcpiPmi - ok
19:51:12.0868 4668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:51:12.0892 4668 adp94xx - ok
19:51:12.0953 4668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:51:12.0963 4668 adpahci - ok
19:51:13.0008 4668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:51:13.0014 4668 adpu320 - ok
19:51:13.0106 4668 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:51:13.0129 4668 AFD - ok
19:51:13.0202 4668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:51:13.0206 4668 agp440 - ok
19:51:13.0257 4668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:51:13.0260 4668 aliide - ok
19:51:13.0303 4668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:51:13.0306 4668 amdide - ok
19:51:13.0347 4668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:51:13.0351 4668 AmdK8 - ok
19:51:13.0610 4668 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys
19:51:13.0843 4668 amdkmdag - ok
19:51:13.0901 4668 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys
19:51:13.0906 4668 amdkmdap - ok
19:51:13.0948 4668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:51:13.0949 4668 AmdPPM - ok
19:51:13.0994 4668 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
19:51:13.0996 4668 amdsata - ok
19:51:14.0090 4668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:51:14.0096 4668 amdsbs - ok
19:51:14.0128 4668 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
19:51:14.0129 4668 amdxata - ok
19:51:14.0192 4668 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:51:14.0195 4668 AppID - ok
19:51:14.0248 4668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:51:14.0252 4668 arc - ok
19:51:14.0290 4668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:51:14.0294 4668 arcsas - ok
19:51:14.0323 4668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:51:14.0326 4668 AsyncMac - ok
19:51:14.0362 4668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:51:14.0363 4668 atapi - ok
19:51:14.0485 4668 athr (40734f3a5eec4c4ac6a1faf10b293714) C:\Windows\system32\DRIVERS\athrx.sys
19:51:14.0588 4668 athr - ok
19:51:14.0657 4668 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
19:51:14.0660 4668 AtiHdmiService - ok
19:51:14.0694 4668 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:51:14.0695 4668 AtiPcie - ok
19:51:14.0762 4668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:51:14.0774 4668 b06bdrv - ok
19:51:14.0815 4668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:51:14.0823 4668 b57nd60a - ok
19:51:14.0891 4668 bcm (d1ba00d7cb6c1fbf29dc8935d8525d22) C:\Windows\system32\DRIVERS\drxvi314_64.sys
19:51:14.0901 4668 bcm - ok
19:51:14.0929 4668 bcmbusctr (5ccd19e7fa04db87adf171fa702a4169) C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
19:51:14.0934 4668 bcmbusctr - ok
19:51:14.0969 4668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:51:14.0971 4668 Beep - ok
19:51:15.0020 4668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:51:15.0023 4668 blbdrive - ok
19:51:15.0077 4668 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:51:15.0080 4668 bowser - ok
19:51:15.0111 4668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:51:15.0114 4668 BrFiltLo - ok
19:51:15.0157 4668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:51:15.0160 4668 BrFiltUp - ok
19:51:15.0223 4668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:51:15.0231 4668 Brserid - ok
19:51:15.0275 4668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:51:15.0278 4668 BrSerWdm - ok
19:51:15.0318 4668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:51:15.0320 4668 BrUsbMdm - ok
19:51:15.0359 4668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:51:15.0362 4668 BrUsbSer - ok
19:51:15.0395 4668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:51:15.0399 4668 BTHMODEM - ok
19:51:15.0461 4668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:51:15.0465 4668 cdfs - ok
19:51:15.0507 4668 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:51:15.0512 4668 cdrom - ok
19:51:15.0564 4668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:51:15.0567 4668 circlass - ok
19:51:15.0621 4668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:51:15.0632 4668 CLFS - ok
19:51:15.0703 4668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:51:15.0705 4668 CmBatt - ok
19:51:15.0744 4668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:51:15.0746 4668 cmdide - ok
19:51:15.0811 4668 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
19:51:15.0821 4668 CNG - ok
19:51:15.0863 4668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:51:15.0864 4668 Compbatt - ok
19:51:15.0893 4668 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:51:15.0896 4668 CompositeBus - ok
19:51:15.0937 4668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:51:15.0940 4668 crcdisk - ok
19:51:16.0028 4668 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:51:16.0033 4668 DfsC - ok
19:51:16.0078 4668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:51:16.0079 4668 discache - ok
19:51:16.0101 4668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:51:16.0104 4668 Disk - ok
19:51:16.0172 4668 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
19:51:16.0178 4668 Dot4 - ok
19:51:16.0207 4668 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:51:16.0210 4668 Dot4Print - ok
19:51:16.0236 4668 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
19:51:16.0239 4668 dot4usb - ok
19:51:16.0283 4668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:51:16.0285 4668 drmkaud - ok
19:51:16.0364 4668 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:51:16.0379 4668 DXGKrnl - ok
19:51:16.0506 4668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:51:16.0611 4668 ebdrv - ok
19:51:16.0681 4668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:51:16.0705 4668 elxstor - ok
19:51:16.0743 4668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:51:16.0745 4668 ErrDev - ok
19:51:16.0811 4668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:51:16.0818 4668 exfat - ok
19:51:16.0847 4668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:51:16.0854 4668 fastfat - ok
19:51:16.0899 4668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:51:16.0902 4668 fdc - ok
19:51:16.0945 4668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:51:16.0948 4668 FileInfo - ok
19:51:16.0974 4668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:51:16.0977 4668 Filetrace - ok
19:51:17.0017 4668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:51:17.0020 4668 flpydisk - ok
19:51:17.0085 4668 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:51:17.0092 4668 FltMgr - ok
19:51:17.0145 4668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:51:17.0148 4668 FsDepends - ok
19:51:17.0207 4668 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:51:17.0210 4668 fssfltr - ok
19:51:17.0245 4668 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:51:17.0247 4668 Fs_Rec - ok
19:51:17.0306 4668 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:51:17.0312 4668 fvevol - ok
19:51:17.0341 4668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:51:17.0345 4668 gagp30kx - ok
19:51:17.0418 4668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:51:17.0420 4668 hcw85cir - ok
19:51:17.0471 4668 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:51:17.0480 4668 HdAudAddService - ok
19:51:17.0520 4668 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:51:17.0524 4668 HDAudBus - ok
19:51:17.0568 4668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:51:17.0571 4668 HidBatt - ok
19:51:17.0616 4668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:51:17.0620 4668 HidBth - ok
19:51:17.0646 4668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:51:17.0649 4668 HidIr - ok
19:51:17.0691 4668 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:51:17.0695 4668 HidUsb - ok
19:51:17.0836 4668 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:51:17.0840 4668 HpSAMD - ok
19:51:17.0931 4668 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:51:17.0967 4668 HTTP - ok
19:51:18.0020 4668 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:51:18.0021 4668 hwpolicy - ok
19:51:18.0061 4668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:51:18.0065 4668 i8042prt - ok
19:51:18.0120 4668 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:51:18.0130 4668 iaStorV - ok
19:51:18.0358 4668 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:51:18.0545 4668 igfx - ok
19:51:18.0584 4668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:51:18.0587 4668 iirsp - ok
19:51:18.0707 4668 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
19:51:18.0746 4668 IntcAzAudAddService - ok
19:51:18.0777 4668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:51:18.0780 4668 intelide - ok
19:51:18.0827 4668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:51:18.0831 4668 intelppm - ok
19:51:18.0883 4668 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:51:18.0887 4668 IpFilterDriver - ok
19:51:18.0937 4668 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:51:18.0941 4668 IPMIDRV - ok
19:51:18.0981 4668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:51:18.0985 4668 IPNAT - ok
19:51:19.0008 4668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:51:19.0010 4668 IRENUM - ok
19:51:19.0052 4668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:51:19.0056 4668 isapnp - ok
19:51:19.0095 4668 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:51:19.0103 4668 iScsiPrt - ok
19:51:19.0135 4668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:51:19.0137 4668 kbdclass - ok
19:51:19.0176 4668 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:51:19.0179 4668 kbdhid - ok
19:51:19.0252 4668 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
19:51:19.0255 4668 KSecDD - ok
19:51:19.0319 4668 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
19:51:19.0324 4668 KSecPkg - ok
19:51:19.0353 4668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:51:19.0356 4668 ksthunk - ok
19:51:19.0421 4668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:51:19.0424 4668 lltdio - ok
19:51:19.0497 4668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:51:19.0501 4668 LSI_FC - ok
19:51:19.0551 4668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:51:19.0556 4668 LSI_SAS - ok
19:51:19.0613 4668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:51:19.0617 4668 LSI_SAS2 - ok
19:51:19.0664 4668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:51:19.0669 4668 LSI_SCSI - ok
19:51:19.0705 4668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:51:19.0709 4668 luafv - ok
19:51:19.0768 4668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:51:19.0771 4668 megasas - ok
19:51:19.0811 4668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:51:19.0819 4668 MegaSR - ok
19:51:19.0870 4668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:51:19.0874 4668 Modem - ok
19:51:19.0895 4668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:51:19.0897 4668 monitor - ok
19:51:19.0948 4668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:51:19.0950 4668 mouclass - ok
19:51:19.0990 4668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:51:19.0993 4668 mouhid - ok
19:51:20.0046 4668 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:51:20.0050 4668 mountmgr - ok
19:51:20.0091 4668 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:51:20.0097 4668 mpio - ok
19:51:20.0135 4668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:51:20.0139 4668 mpsdrv - ok
19:51:20.0203 4668 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:51:20.0209 4668 MRxDAV - ok
19:51:20.0274 4668 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:51:20.0279 4668 mrxsmb - ok
19:51:20.0340 4668 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:51:20.0347 4668 mrxsmb10 - ok
19:51:20.0371 4668 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:51:20.0375 4668 mrxsmb20 - ok
19:51:20.0407 4668 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:51:20.0409 4668 msahci - ok
19:51:20.0458 4668 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:51:20.0465 4668 msdsm - ok
19:51:20.0525 4668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:51:20.0528 4668 Msfs - ok
19:51:20.0550 4668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:51:20.0552 4668 mshidkmdf - ok
19:51:20.0593 4668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:51:20.0594 4668 msisadrv - ok
19:51:20.0637 4668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:51:20.0640 4668 MSKSSRV - ok
19:51:20.0666 4668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:51:20.0668 4668 MSPCLOCK - ok
19:51:20.0704 4668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:51:20.0707 4668 MSPQM - ok
19:51:20.0770 4668 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:51:20.0780 4668 MsRPC - ok
19:51:20.0826 4668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:51:20.0827 4668 mssmbios - ok
19:51:20.0869 4668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:51:20.0871 4668 MSTEE - ok
19:51:20.0906 4668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:51:20.0909 4668 MTConfig - ok
19:51:20.0938 4668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:51:20.0940 4668 Mup - ok
19:51:20.0989 4668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:51:20.0997 4668 NativeWifiP - ok
19:51:21.0082 4668 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:51:21.0117 4668 NDIS - ok
19:51:21.0149 4668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:51:21.0152 4668 NdisCap - ok
19:51:21.0193 4668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:51:21.0196 4668 NdisTapi - ok
19:51:21.0254 4668 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:51:21.0257 4668 Ndisuio - ok
19:51:21.0316 4668 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:51:21.0321 4668 NdisWan - ok
19:51:21.0379 4668 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:51:21.0383 4668 NDProxy - ok
19:51:21.0430 4668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:51:21.0440 4668 NetBIOS - ok
19:51:21.0524 4668 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:51:21.0531 4668 NetBT - ok
19:51:21.0738 4668 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
19:51:21.0902 4668 netw5v64 - ok
19:51:21.0938 4668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:51:21.0941 4668 nfrd960 - ok
19:51:21.0990 4668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:51:21.0993 4668 Npfs - ok
19:51:22.0023 4668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:51:22.0025 4668 nsiproxy - ok
19:51:22.0123 4668 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:51:22.0182 4668 Ntfs - ok
19:51:22.0233 4668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:51:22.0235 4668 Null - ok
19:51:22.0274 4668 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:51:22.0279 4668 nvraid - ok
19:51:22.0309 4668 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:51:22.0316 4668 nvstor - ok
19:51:22.0367 4668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:51:22.0373 4668 nv_agp - ok
19:51:22.0435 4668 NWADI (f79633a8b7db75cb5fad53b02985a414) C:\Windows\system32\DRIVERS\NWADIenum.sys
19:51:22.0442 4668 NWADI - ok
19:51:22.0479 4668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:51:22.0482 4668 ohci1394 - ok
19:51:22.0558 4668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:51:22.0562 4668 Parport - ok
19:51:22.0621 4668 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:51:22.0624 4668 partmgr - ok
19:51:22.0668 4668 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:51:22.0673 4668 pci - ok
19:51:22.0708 4668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:51:22.0711 4668 pciide - ok
19:51:22.0753 4668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:51:22.0760 4668 pcmcia - ok
19:51:22.0834 4668 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS
19:51:22.0839 4668 PCTINDIS5X64 - ok
19:51:23.0037 4668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:51:23.0039 4668 pcw - ok
19:51:23.0085 4668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:51:23.0110 4668 PEAUTH - ok
19:51:23.0276 4668 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:51:23.0280 4668 PptpMiniport - ok
19:51:23.0316 4668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:51:23.0319 4668 Processor - ok
19:51:23.0393 4668 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:51:23.0397 4668 Psched - ok
19:51:23.0451 4668 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:51:23.0453 4668 PxHlpa64 - ok
19:51:23.0558 4668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:51:23.0638 4668 ql2300 - ok
19:51:23.0680 4668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:51:23.0685 4668 ql40xx - ok
19:51:23.0742 4668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:51:23.0745 4668 QWAVEdrv - ok
19:51:23.0771 4668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:51:23.0773 4668 RasAcd - ok
19:51:23.0816 4668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:51:23.0819 4668 RasAgileVpn - ok
19:51:23.0887 4668 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:51:23.0892 4668 Rasl2tp - ok
19:51:23.0940 4668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:51:23.0944 4668 RasPppoe - ok
19:51:23.0971 4668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:51:23.0977 4668 RasSstp - ok
19:51:24.0039 4668 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:51:24.0047 4668 rdbss - ok
19:51:24.0089 4668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:51:24.0093 4668 rdpbus - ok
19:51:24.0137 4668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:51:24.0138 4668 RDPCDD - ok
19:51:24.0160 4668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:51:24.0161 4668 RDPENCDD - ok
19:51:24.0188 4668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:51:24.0189 4668 RDPREFMP - ok
19:51:24.0252 4668 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:51:24.0258 4668 RDPWD - ok
19:51:24.0317 4668 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:51:24.0323 4668 rdyboost - ok
19:51:24.0395 4668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:51:24.0398 4668 rspndr - ok
19:51:24.0434 4668 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
19:51:24.0438 4668 RSUSBSTOR - ok
19:51:24.0501 4668 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:51:24.0510 4668 RTL8167 - ok
19:51:24.0559 4668 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:51:24.0563 4668 sbp2port - ok
19:51:24.0617 4668 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:51:24.0620 4668 scfilter - ok
19:51:24.0682 4668 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
19:51:24.0686 4668 sdbus - ok
19:51:24.0732 4668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:51:24.0735 4668 secdrv - ok
19:51:24.0787 4668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:51:24.0790 4668 Serenum - ok
19:51:24.0826 4668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:51:24.0830 4668 Serial - ok
19:51:24.0862 4668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:51:24.0865 4668 sermouse - ok
19:51:24.0926 4668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:51:24.0928 4668 sffdisk - ok
19:51:24.0951 4668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:51:24.0954 4668 sffp_mmc - ok
19:51:24.0981 4668 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:51:24.0984 4668 sffp_sd - ok
19:51:25.0030 4668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:51:25.0033 4668 sfloppy - ok
19:51:25.0117 4668 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:51:25.0129 4668 Sftfs - ok
19:51:25.0203 4668 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:51:25.0207 4668 Sftplay - ok
19:51:25.0230 4668 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:51:25.0231 4668 Sftredir - ok
19:51:25.0288 4668 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:51:25.0289 4668 Sftvol - ok
19:51:25.0375 4668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:51:25.0378 4668 SiSRaid2 - ok
19:51:25.0426 4668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:51:25.0431 4668 SiSRaid4 - ok
19:51:25.0485 4668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:51:25.0489 4668 Smb - ok
19:51:25.0558 4668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:51:25.0559 4668 spldr - ok
19:51:25.0665 4668 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:51:25.0676 4668 srv - ok
19:51:25.0745 4668 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:51:25.0756 4668 srv2 - ok
19:51:25.0803 4668 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:51:25.0812 4668 SrvHsfHDA - ok
19:51:25.0876 4668 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:51:25.0955 4668 SrvHsfV92 - ok
19:51:26.0015 4668 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:51:26.0050 4668 SrvHsfWinac - ok
19:51:26.0134 4668 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:51:26.0139 4668 srvnet - ok
19:51:26.0194 4668 ssadbus (866f8212ef7e75bac8bca03331e30cb4) C:\Windows\system32\DRIVERS\ssadbus.sys
19:51:26.0199 4668 ssadbus - ok
19:51:26.0228 4668 ssadmdfl (73e2ba39e7eb024dc686412e2e924a74) C:\Windows\system32\DRIVERS\ssadmdfl.sys
19:51:26.0232 4668 ssadmdfl - ok
19:51:26.0266 4668 ssadmdm (74b032d6c1e36ae2f790752fde8ce055) C:\Windows\system32\DRIVERS\ssadmdm.sys
19:51:26.0272 4668 ssadmdm - ok
19:51:26.0316 4668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:51:26.0319 4668 stexstor - ok
19:51:26.0366 4668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:51:26.0367 4668 swenum - ok
19:51:26.0420 4668 swmx00 (a8e9e76cc2f342f205273702969c84c9) C:\Windows\system32\DRIVERS\swmx00.sys
19:51:26.0427 4668 swmx00 - ok
19:51:26.0473 4668 SWNC5E00 (b053610bb36d9bd1bff7102727427600) C:\Windows\system32\DRIVERS\SWNC5E00.sys
19:51:26.0482 4668 SWNC5E00 - ok
19:51:26.0554 4668 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
19:51:26.0559 4668 SynTP - ok
19:51:26.0685 4668 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:51:26.0744 4668 Tcpip - ok
19:51:26.0839 4668 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:51:26.0867 4668 TCPIP6 - ok
19:51:26.0937 4668 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:51:26.0940 4668 tcpipreg - ok
19:51:26.0984 4668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:51:26.0987 4668 TDPIPE - ok
19:51:27.0002 4668 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:51:27.0004 4668 TDTCP - ok
19:51:27.0065 4668 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:51:27.0071 4668 tdx - ok
19:51:27.0105 4668 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:51:27.0107 4668 TermDD - ok
19:51:27.0204 4668 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:51:27.0207 4668 tssecsrv - ok
19:51:27.0252 4668 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:51:27.0256 4668 TsUsbFlt - ok
19:51:27.0311 4668 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:51:27.0316 4668 tunnel - ok
19:51:27.0357 4668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:51:27.0361 4668 uagp35 - ok
19:51:27.0429 4668 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:51:27.0438 4668 udfs - ok
19:51:27.0511 4668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:51:27.0514 4668 uliagpkx - ok
19:51:27.0549 4668 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:51:27.0552 4668 umbus - ok
19:51:27.0584 4668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:51:27.0586 4668 UmPass - ok
19:51:27.0644 4668 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:51:27.0648 4668 usbccgp - ok
19:51:27.0685 4668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:51:27.0689 4668 usbcir - ok
19:51:27.0728 4668 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:51:27.0732 4668 usbehci - ok
19:51:27.0764 4668 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
19:51:27.0766 4668 usbfilter - ok
19:51:27.0818 4668 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:51:27.0826 4668 usbhub - ok
19:51:27.0872 4668 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:51:27.0875 4668 usbohci - ok
19:51:27.0908 4668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:51:27.0912 4668 usbprint - ok
19:51:27.0950 4668 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:51:27.0953 4668 USBSTOR - ok
19:51:27.0979 4668 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:51:27.0982 4668 usbuhci - ok
19:51:28.0055 4668 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
19:51:28.0061 4668 usbvideo - ok
19:51:28.0107 4668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:51:28.0108 4668 vdrvroot - ok
19:51:28.0170 4668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:51:28.0173 4668 vga - ok
19:51:28.0203 4668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:51:28.0205 4668 VgaSave - ok
19:51:28.0252 4668 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:51:28.0259 4668 vhdmp - ok
19:51:28.0292 4668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:51:28.0295 4668 viaide - ok
19:51:28.0335 4668 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:51:28.0338 4668 volmgr - ok
19:51:28.0401 4668 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:51:28.0410 4668 volmgrx - ok
19:51:28.0459 4668 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:51:28.0467 4668 volsnap - ok
19:51:28.0520 4668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:51:28.0526 4668 vsmraid - ok
19:51:28.0570 4668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:51:28.0573 4668 vwifibus - ok
19:51:28.0599 4668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:51:28.0603 4668 vwififlt - ok
19:51:28.0670 4668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:51:28.0674 4668 WacomPen - ok
19:51:28.0735 4668 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:51:28.0740 4668 WANARP - ok
19:51:28.0780 4668 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:51:28.0783 4668 Wanarpv6 - ok
19:51:28.0855 4668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:51:28.0858 4668 Wd - ok
19:51:28.0910 4668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:51:28.0933 4668 Wdf01000 - ok
19:51:29.0001 4668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:51:29.0004 4668 WfpLwf - ok
19:51:29.0033 4668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:51:29.0036 4668 WIMMount - ok
19:51:29.0129 4668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:51:29.0130 4668 WmiAcpi - ok
19:51:29.0189 4668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:51:29.0192 4668 ws2ifsl - ok
19:51:29.0281 4668 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:51:29.0286 4668 WudfPf - ok
19:51:29.0312 4668 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:51:29.0318 4668 WUDFRd - ok
19:51:29.0382 4668 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
19:51:29.0392 4668 yukonw7 - ok
19:51:29.0438 4668 MBR (0x1B8) (5b0fe4f8b89e44902b10336475518e06) \Device\Harddisk0\DR0
19:51:29.0485 4668 \Device\Harddisk0\DR0 - ok
19:51:29.0529 4668 Boot (0x1200) (99a21f5a25140faac241fee80c2404f2) \Device\Harddisk0\DR0\Partition0
19:51:29.0532 4668 \Device\Harddisk0\DR0\Partition0 - ok
19:51:29.0556 4668 Boot (0x1200) (caf481e5cab69e0c1206485f1023e10c) \Device\Harddisk0\DR0\Partition1
19:51:29.0560 4668 \Device\Harddisk0\DR0\Partition1 - ok
19:51:29.0599 4668 Boot (0x1200) (b87ab114abf593134227c05262f4405c) \Device\Harddisk0\DR0\Partition2
19:51:29.0601 4668 \Device\Harddisk0\DR0\Partition2 - ok
19:51:29.0624 4668 Boot (0x1200) (ed8d8c573bf9a36e0c74345e5442d2c6) \Device\Harddisk0\DR0\Partition3
19:51:29.0625 4668 \Device\Harddisk0\DR0\Partition3 - ok
19:51:29.0626 4668 ============================================================
19:51:29.0626 4668 Scan finished
19:51:29.0626 4668 ============================================================
19:51:29.0653 1840 Detected object count: 0
19:51:29.0654 1840 Actual detected object count: 0










everything seems great thanks!!!!!!!!!!!lifesaver!!!!!!!!!!

[maliprog]

Hi noluv,

Good job!

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update

• Click Start, click Run, type sysdm.cpl, and then press ENTER.
• Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
• Click OK button

2. Delete Temp files

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.

[maliprog]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.