Ran LSP-Fix on Win7 64x - Now Unable to Load Any Webpage [Solved]



#1
Matt Smith

I recently ran LSP-Fix on my Win7 64x machine due to a recommendation on a malware removal forum; well, it has resulted in no web pages loading at all. Big mistake. I can connect to my wifi and it says it has internet, but no webpages load; when I ping Google via cmd, it times out, and I tried directly connecting to the IP of Google with no luck. The next thing I did was try to run these commands:
ipconfig /release
pause
ipconfig /renew
pause
netsh winsock reset catalog
pause
netsh int ip reset reset.log
pause

But it resulted in an error on the netsh commands, stating something about the wshelper.dll not being available or something. Others had said it fixed their problem on Win7.
Is there any way I can undo what LSP did? Or files I can replace to get it working again?

Misc Info:
I opened LSP-Fix and ran it with default settings.
I would like NOT to reinstall my OS.
I would do a system restore but it appears my system restore file is corrupt (not totally sure what's wrong).

Any help would be VERRYY appreciated.
Thanks,
Matt

Edited by Matt Smith, 04 January 2012 - 12:58 AM.


#2
SweetTech

Hi Matt!

I assume you were experiencing some sort of issues with your internet not working properly to warrant running the LSP Fix tool. Do you happen to recall what the link for the tool was that you used?

Do you have access to a USB drive?

Kindest Regards,
ST.

#3
Matt Smith

I was experiencing constant redirections from clicking links on Google. http://www.cexx.org/lspfix.htm was where I got LSP from.
I do have a USB flash drive available. I am quite knowledgeable about computers, so no need to dumb stuff down. Just stumped.

#4
SweetTech

Okay. Thanks for that information.

Were you able to get the issue with the Google redirects resolved, or do you not know because of the no internet issue? I'm just trying to get a better idea of where things are right now, so that I can figure out how we should go about fixing this.

#5
Matt Smith

I have no idea if the redirects have been fixed due to the no internet. I did run spydoctor on the PC after the internet went dead and it found a few things. So could be fixed... or not.

#6
SweetTech

Okay, to be on the safe side, let's check to ensure everything is good. I'm going to move this thread to the malware forum, so we can run some more advanced tools.

---------


My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


You'll need to copy these files onto a USB drive, and run them on the computer that has no internet.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:




Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

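Added example (not part of the original posts, and not code from TDSSKiller or this forum): a small Python triage of a TDSSKiller report like the one requested above. It lists every driver whose verdict is not "ok", every service logged without a hash/path line, and any requested scan option missing from the Mode line. The sample log lines are constructed; reading the SigCheck and TDLFS tokens of the Mode line as the two checkboxes above is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of a TDSSKiller report (names and hashes are placeholders).
SAMPLE_LOG = """\
00:00:01.0000 1111 Scan started
00:00:01.0000 1111 Mode: Manual; SigCheck; TDLFS;
00:00:02.0100 1111 gooddrv (00000000000000000000000000000001) C:\\Windows\\system32\\DRIVERS\\gooddrv.sys
00:00:02.0200 1111 gooddrv - ok
00:00:02.0300 1111 nofile - ok
00:00:02.0400 1111 oddtool (00000000000000000000000000000002) C:\\Windows\\system32\\DRIVERS\\oddtool64.sys
00:00:02.0500 1111 oddtool ( UnsignedFile.Multi.Generic ) - warning
00:00:02.0600 1111 oddtool - detected UnsignedFile.Multi.Generic (1)
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\S+\s+(.*)$")    # timestamp, thread id, message
FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")     # name (md5) path
OK_RE = re.compile(r"^(.+?) - ok$")                             # name - ok
FLAG_RE = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")            # name ( verdict ) - status
MODE_RE = re.compile(r"^Mode: (.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None    # "ok", "warning", ... or None if the log was cut off
    verdict: Optional[str] = None


def _messages(text):
    """Yield the message part of every well-formed log line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1).strip()


def scan_modes(text):
    """Return the tokens of the first 'Mode:' line as a set."""
    for msg in _messages(text):
        m = MODE_RE.match(msg)
        if m:
            return {tok.strip() for tok in m.group(1).split(";") if tok.strip()}
    return set()


def missing_options(text, required=("SigCheck", "TDLFS")):
    """Assumed mapping: SigCheck = signature verification, TDLFS = TDLFS detection."""
    return sorted(set(required) - scan_modes(text))


def parse_report(text):
    """Collect one Entry per scanned object, in log order."""
    entries = {}
    for msg in _messages(text):
        if (m := FILE_RE.match(msg)):
            e = entries.setdefault(m.group(1), Entry(m.group(1)))
            e.md5, e.path = m.group(2).lower(), m.group(3)
        elif (m := OK_RE.match(msg)):
            entries.setdefault(m.group(1), Entry(m.group(1))).status = "ok"
        elif (m := FLAG_RE.match(msg)):
            e = entries.setdefault(m.group(1), Entry(m.group(1)))
            e.status, e.verdict = m.group(3), m.group(2)
    return list(entries.values())


def triage(entries):
    """Return (name, reason, path) for everything a reviewer should look at."""
    findings = []
    for e in entries:
        if e.status != "ok":
            # Flagged by the tool, or the log ended before a verdict was written.
            findings.append((e.name, e.verdict or "no verdict line", e.path))
        elif e.md5 is None:
            # Reported "ok" although no file was hashed for this service.
            findings.append((e.name, "ok, but no file hash/path logged", None))
    return findings


if __name__ == "__main__":
    print("missing scan options:", missing_options(SAMPLE_LOG))
    for name, reason, path in triage(parse_report(SAMPLE_LOG)):
        print(f"{name}: {reason} {path or ''}".rstrip())
```
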

#7
Matt Smith

Okay. Will get those downloaded and report back asap. Hopefully within the hour.

#8
SweetTech

:thumbsup:

#9
Matt Smith

Scanning with OTL now. Will have log posted when done.

#10
SweetTech

Okay.

#11
Matt Smith

TDSSkiller:
00:29:22.0742 4048 RDPREFMP - ok
00:29:22.0774 4048 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
00:29:22.0852 4048 RDPWD - ok
00:29:22.0930 4048 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:29:22.0945 4048 rdyboost - ok
00:29:23.0008 4048 RMCAST (77b3b747eb2413072b8e4306018d0c9b) C:\Windows\system32\DRIVERS\RMCAST.sys
00:29:23.0086 4048 RMCAST - ok
00:29:23.0148 4048 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:29:23.0210 4048 rspndr - ok
00:29:23.0257 4048 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:29:23.0304 4048 RTL8167 - ok
00:29:23.0351 4048 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
00:29:23.0382 4048 s3cap - ok
00:29:23.0460 4048 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:29:23.0476 4048 sbp2port - ok
00:29:23.0569 4048 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
00:29:23.0585 4048 SCDEmu - ok
00:29:23.0647 4048 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:29:23.0710 4048 scfilter - ok
00:29:23.0834 4048 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
00:29:23.0897 4048 sdbus - ok
00:29:24.0022 4048 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:29:24.0100 4048 secdrv - ok
00:29:24.0287 4048 Ser2pl - ok
00:29:24.0349 4048 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:29:24.0380 4048 Serenum - ok
00:29:24.0443 4048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:29:24.0474 4048 Serial - ok
00:29:24.0536 4048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:29:24.0583 4048 sermouse - ok
00:29:24.0708 4048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:29:24.0739 4048 sffdisk - ok
00:29:24.0802 4048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:29:24.0833 4048 sffp_mmc - ok
00:29:24.0895 4048 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:29:24.0942 4048 sffp_sd - ok
00:29:25.0020 4048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:29:25.0051 4048 sfloppy - ok
00:29:25.0145 4048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:29:25.0160 4048 SiSRaid2 - ok
00:29:25.0176 4048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:29:25.0192 4048 SiSRaid4 - ok
00:29:25.0238 4048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:29:25.0332 4048 Smb - ok
00:29:25.0363 4048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:29:25.0379 4048 spldr - ok
00:29:25.0488 4048 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
00:29:25.0535 4048 srv - ok
00:29:25.0628 4048 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
00:29:25.0660 4048 srv2 - ok
00:29:25.0753 4048 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
00:29:25.0784 4048 srvnet - ok
00:29:25.0894 4048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:29:25.0909 4048 stexstor - ok
00:29:26.0003 4048 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
00:29:26.0096 4048 STHDA - ok
00:29:26.0206 4048 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
00:29:26.0221 4048 storflt - ok
00:29:26.0284 4048 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
00:29:26.0299 4048 storvsc - ok
00:29:26.0346 4048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:29:26.0362 4048 swenum - ok
00:29:26.0486 4048 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
00:29:26.0518 4048 SynTP - ok
00:29:26.0642 4048 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
00:29:26.0720 4048 Tcpip - ok
00:29:26.0798 4048 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
00:29:26.0845 4048 TCPIP6 - ok
00:29:26.0939 4048 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:29:27.0001 4048 tcpipreg - ok
00:29:27.0079 4048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:29:27.0157 4048 TDPIPE - ok
00:29:27.0235 4048 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:29:27.0298 4048 TDTCP - ok
00:29:27.0407 4048 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:29:27.0469 4048 tdx - ok
00:29:27.0578 4048 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
00:29:27.0625 4048 teamviewervpn - ok
00:29:27.0703 4048 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:29:27.0719 4048 TermDD - ok
00:29:27.0781 4048 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:29:27.0890 4048 tssecsrv - ok
00:29:27.0984 4048 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:29:28.0062 4048 tunnel - ok
00:29:28.0202 4048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:29:28.0218 4048 uagp35 - ok
00:29:28.0265 4048 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
00:29:28.0358 4048 udfs - ok
00:29:28.0499 4048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:29:28.0514 4048 uliagpkx - ok
00:29:28.0546 4048 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:29:28.0577 4048 umbus - ok
00:29:28.0624 4048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:29:28.0702 4048 UmPass - ok
00:29:28.0842 4048 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
00:29:28.0873 4048 UnlockerDriver5 - ok
00:29:28.0967 4048 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
00:29:29.0029 4048 USBAAPL64 - ok
00:29:29.0092 4048 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
00:29:29.0138 4048 usbaudio - ok
00:29:29.0201 4048 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
00:29:29.0263 4048 usbccgp - ok
00:29:29.0310 4048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:29:29.0372 4048 usbcir - ok
00:29:29.0419 4048 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\drivers\usbehci.sys
00:29:29.0450 4048 usbehci - ok
00:29:29.0513 4048 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\drivers\usbhub.sys
00:29:29.0560 4048 usbhub - ok
00:29:29.0575 4048 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
00:29:29.0622 4048 usbohci - ok
00:29:29.0684 4048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:29:29.0747 4048 usbprint - ok
00:29:29.0762 4048 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:29:29.0825 4048 USBSTOR - ok
00:29:29.0856 4048 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
00:29:29.0918 4048 usbuhci - ok
00:29:30.0012 4048 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
00:29:30.0043 4048 usbvideo - ok
00:29:30.0152 4048 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
00:29:30.0184 4048 usb_rndisx - ok
00:29:30.0386 4048 VBoxDrv (00203e05f2fe6cfb94229ed91d6010a2) C:\Windows\system32\DRIVERS\VBoxDrv.sys
00:29:30.0418 4048 VBoxDrv - ok
00:29:30.0558 4048 VBoxNetAdp (85df2c59645d374be7e3234241761230) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
00:29:30.0574 4048 VBoxNetAdp - ok
00:29:30.0652 4048 VBoxNetFlt - ok
00:29:30.0698 4048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:29:30.0698 4048 vdrvroot - ok
00:29:30.0745 4048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:29:30.0823 4048 vga - ok
00:29:30.0839 4048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:29:30.0901 4048 VgaSave - ok
00:29:30.0932 4048 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:29:30.0948 4048 vhdmp - ok
00:29:30.0964 4048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:29:30.0979 4048 viaide - ok
00:29:31.0026 4048 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
00:29:31.0057 4048 vmbus - ok
00:29:31.0120 4048 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
00:29:31.0151 4048 VMBusHID - ok
00:29:31.0213 4048 VMnetAdapter - ok
00:29:31.0229 4048 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:29:31.0244 4048 volmgr - ok
00:29:31.0276 4048 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:29:31.0307 4048 volmgrx - ok
00:29:31.0322 4048 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:29:31.0354 4048 volsnap - ok
00:29:31.0385 4048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:29:31.0400 4048 vsmraid - ok
00:29:31.0432 4048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:29:31.0463 4048 vwifibus - ok
00:29:31.0494 4048 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:29:31.0556 4048 vwififlt - ok
00:29:31.0619 4048 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:29:31.0666 4048 vwifimp - ok
00:29:31.0806 4048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:29:31.0868 4048 WacomPen - ok
00:29:31.0962 4048 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:29:32.0009 4048 WANARP - ok
00:29:32.0071 4048 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:29:32.0134 4048 Wanarpv6 - ok
00:29:32.0196 4048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:29:32.0212 4048 Wd - ok
00:29:32.0258 4048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:29:32.0305 4048 Wdf01000 - ok
00:29:32.0383 4048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:29:32.0446 4048 WfpLwf - ok
00:29:32.0461 4048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:29:32.0477 4048 WIMMount - ok
00:29:32.0617 4048 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
00:29:32.0664 4048 WinUsb - ok
00:29:32.0820 4048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:29:32.0867 4048 WmiAcpi - ok
00:29:32.0929 4048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:29:32.0992 4048 ws2ifsl - ok
00:29:33.0132 4048 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
00:29:33.0210 4048 WudfPf - ok
00:29:33.0288 4048 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:29:33.0366 4048 WUDFRd - ok
00:29:33.0522 4048 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
00:29:33.0569 4048 xnacc - ok
00:29:33.0662 4048 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:29:33.0818 4048 \Device\Harddisk0\DR0 - ok
00:29:33.0850 4048 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
00:29:34.0037 4048 \Device\Harddisk1\DR1 - ok
00:29:34.0052 4048 Boot (0x1200) (6a36a9d086f871114e355143726f4e28) \Device\Harddisk0\DR0\Partition0
00:29:34.0068 4048 \Device\Harddisk0\DR0\Partition0 - ok
00:29:34.0115 4048 Boot (0x1200) (4443032ae230f388562d687c5feb61af) \Device\Harddisk0\DR0\Partition1
00:29:34.0115 4048 \Device\Harddisk0\DR0\Partition1 - ok
00:29:34.0146 4048 Boot (0x1200) (f98f6359e61f6d83f5b0fb4ac4e6faa4) \Device\Harddisk1\DR1\Partition0
00:29:34.0146 4048 \Device\Harddisk1\DR1\Partition0 - ok
00:29:34.0177 4048 ============================================================
00:29:34.0177 4048 Scan finished
00:29:34.0177 4048 ============================================================
00:29:34.0240 3008 Detected object count: 1
00:29:34.0240 3008 Actual detected object count: 1
00:29:38.0405 3008 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
00:29:38.0405 3008 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:29:57.0055 4024 Deinitialize success

#12
Matt Smith

    Member

  • Topic Starter
  • 85 posts
OTL:
OTL logfile created on: 1/4/2012 12:30:41 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mafu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 46.70% Memory free
7.99 Gb Paging File | 5.91 Gb Available in Paging File | 73.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 46.42 Gb Free Space | 19.94% Space Free | Partition Type: NTFS
Drive D: | 3.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 100.00 Mb Total Space | 70.00 Mb Free Space | 70.01% Space Free | Partition Type: NTFS
Drive F: | 14.90 Gb Total Space | 5.64 Gb Free Space | 37.87% Space Free | Partition Type: FAT32

Computer Name: AEON | User Name: Mafu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/04 00:22:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2008/07/01 23:09:18 | 000,755,712 | ---- | M] () -- C:\Program Files (x86)\KeyExtender\KeyExtender.exe


========== Modules (No Company Name) ==========

MOD - [2008/07/01 23:09:18 | 000,755,712 | ---- | M] () -- C:\Program Files (x86)\KeyExtender\KeyExtender.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/25 18:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/16 14:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 14:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2011/07/17 03:50:44 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/24 12:33:26 | 000,921,600 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/19 04:36:53 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2011/08/08 10:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/30 08:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 18:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/25 07:28:54 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/29 09:01:53 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/16 12:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/07/23 23:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 16:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/11/10 05:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2011/12/24 15:08:12 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 DE 89 52 9C B7 CB 01 [binary data]
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.2: C:\Program Files (x86)\TorrentStream\npvlc.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mafu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/23 18:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/24 14:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 00:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/12/15 01:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\Mafu\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2011/06/27 14:57:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Mafu\AppData\Roaming\IDM\idmmzcc3

[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/16 21:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions
[2011/12/09 00:17:09 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/08/22 17:39:36 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/05/22 05:41:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/11/12 01:45:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/21 01:33:14 | 000,000,000 | ---D | M] ("VWC Cocoon") -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\[email protected]
[2011/12/15 01:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6ig01k7m.default\extensions
[2011/11/26 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/24 14:58:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/24 14:58:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/24 14:58:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/23 02:07:53 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [KeyExtender.exe] C:\Program Files (x86)\KeyExtender\KeyExtender.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA9D193-F66A-4E15-B9E2-EB4056CC71F5}: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B9FFDE1-1B19-47A1-9AA7-FF552F2B79E5}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/14 16:02:12 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2387fed2-320a-11e1-a969-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{2387fed2-320a-11e1-a969-00269e2b0a58}\Shell\AutoRun\command - "" = V:\setup.exe
O33 - MountPoints2\{2387fef3-320a-11e1-a969-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{2387fef3-320a-11e1-a969-00269e2b0a58}\Shell\AutoRun\command - "" = V:\setup.exe
O33 - MountPoints2\{2f32e6c0-1654-11e1-8228-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{2f32e6c0-1654-11e1-8228-00269e2b0a58}\Shell\AutoRun\command - "" = V:\setup.exe
O33 - MountPoints2\{3f670370-f961-11e0-a17d-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{3f670370-f961-11e0-a17d-00269e2b0a58}\Shell\AutoRun\command - "" = V:\setup.exe
O33 - MountPoints2\{5b6054c2-078a-11e1-a7c8-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{5b6054c2-078a-11e1-a7c8-00269e2b0a58}\Shell\AutoRun\command - "" = W:\mow_setup.exe
O33 - MountPoints2\{5b6054c2-078a-11e1-a7c8-00269e2b0a58}\Shell\install\command - "" = setup.exe
O33 - MountPoints2\{5b6054c2-078a-11e1-a7c8-00269e2b0a58}\Shell\install1\command - "" = DirectX\DXSETUP.exe
O33 - MountPoints2\{5da0232b-073b-11e1-a020-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{5da0232b-073b-11e1-a020-00269e2b0a58}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{968b6f38-03a9-11e1-8bc9-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{968b6f38-03a9-11e1-8bc9-00269e2b0a58}\Shell\AutoRun\command - "" = V:\disableautorun.exe
O33 - MountPoints2\{bec3a8d3-31f7-11e1-b1b1-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{bec3a8d3-31f7-11e1-b1b1-00269e2b0a58}\Shell\AutoRun\command - "" = V:\setup.exe
O33 - MountPoints2\{cc72c4e2-5f63-11e0-8f2a-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{cc72c4e2-5f63-11e0-8f2a-00269e2b0a58}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{cc72c501-5f63-11e0-8f2a-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{cc72c501-5f63-11e0-8f2a-00269e2b0a58}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{d99bc662-34fa-11e1-b8a1-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{d99bc662-34fa-11e1-b8a1-00269e2b0a58}\Shell\AutoRun\command - "" = V:\setup.exe
O33 - MountPoints2\{d9b764b0-35cf-11e1-8e75-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{d9b764b0-35cf-11e1-8e75-00269e2b0a58}\Shell\AutoRun\command - "" = V:\setup.exe
O33 - MountPoints2\{d9b764d0-35cf-11e1-8e75-00269e2b0a58}\Shell - "" = AutoRun
O33 - MountPoints2\{d9b764d0-35cf-11e1-8e75-00269e2b0a58}\Shell\AutoRun\command - "" = V:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartCD.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\CDCheck.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\I\Shell\setup\command - "" = I:\setup.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup\rsrc\Autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup\rsrc\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 00:28:13 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\tdsskiller
[2012/01/04 00:28:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/03 20:54:47 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2012/01/03 20:50:16 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
[2012/01/03 20:49:59 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012/01/03 13:50:37 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\Users\Mafu\Desktop\unetbootin-windows-563.exe
[2012/01/02 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Cd Keys_files
[2012/01/02 21:29:24 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\MigWiz
[2012/01/02 13:26:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/01/02 13:25:12 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/12/31 22:49:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/12/31 22:49:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/12/31 22:49:37 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/12/31 22:49:37 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/12/31 22:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/12/31 22:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/12/31 22:49:37 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/12/31 22:49:37 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/12/31 22:49:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/12/31 22:49:25 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/12/31 22:49:25 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/12/31 22:49:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/31 22:48:56 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/31 22:48:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/31 22:48:55 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/12/31 22:48:52 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/12/31 22:48:52 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/12/31 22:48:52 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/12/31 22:48:51 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/12/31 22:48:50 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/12/31 22:48:49 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/12/31 22:48:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/12/31 22:48:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/12/31 22:48:23 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/12/31 22:48:23 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/12/31 22:48:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/12/31 22:48:21 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/12/31 22:48:21 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/12/31 22:48:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/12/31 22:48:21 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/12/31 22:48:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/12/31 22:48:20 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/12/31 22:48:20 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/12/31 22:48:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/12/31 22:48:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/12/31 22:48:20 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/12/31 22:48:06 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/12/31 22:48:06 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/12/31 22:48:06 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/12/31 22:48:05 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/12/31 22:48:05 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/12/31 22:48:05 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/12/31 22:48:05 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/12/31 22:47:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/31 22:47:25 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/31 22:47:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/31 22:47:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/31 22:47:24 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/31 22:47:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/31 22:47:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/31 22:47:24 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/31 22:47:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/31 22:47:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/31 22:47:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/31 22:47:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/31 22:47:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/31 22:47:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/31 22:47:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/31 22:46:48 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/12/31 22:46:48 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/12/31 22:46:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/12/31 22:46:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/12/31 22:46:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/12/31 22:46:47 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/12/31 22:46:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/12/31 22:46:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/12/31 22:46:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/12/31 22:46:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/12/31 22:46:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/12/31 22:46:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/12/31 22:46:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/31 22:46:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/31 22:46:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/12/31 22:46:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/12/31 22:46:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/31 22:46:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/12/31 22:46:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/31 22:46:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/12/31 22:46:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/31 22:46:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/31 22:46:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/12/31 22:46:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/12/31 22:46:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/12/31 22:46:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/12/31 22:46:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/12/31 22:46:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/12/31 22:46:26 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/12/31 22:46:15 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/12/31 22:46:15 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/12/31 22:46:11 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/31 22:46:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/31 22:39:20 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/12/31 22:39:19 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/12/31 22:39:19 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/12/31 22:28:42 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\CrashDumps
[2011/12/29 02:00:28 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\Threat Expert
[2011/12/25 12:48:58 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshelper.dll
[2011/12/25 12:43:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\wshelper.dll
[2011/12/25 00:19:52 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/12/25 00:19:52 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/12/25 00:19:51 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/12/25 00:19:51 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/12/25 00:19:48 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/12/25 00:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/25 00:19:44 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/24 23:45:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/24 23:45:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/24 23:45:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/24 23:45:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/24 15:11:12 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/12/24 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/12/21 23:43:32 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Malwarebytes
[2011/12/21 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/21 18:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Mafu\AppData\Local\d7c12045
[2011/12/21 11:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\937D8
[2011/12/21 11:34:49 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/17 03:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyExtender
[2011/12/17 03:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyExtender
[2011/12/15 01:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[2011/12/15 01:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SeaMonkey
[2011/12/15 01:31:48 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/12/15 01:23:07 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\KompoZer
[2011/12/15 01:20:39 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Nvu
[2011/12/13 22:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/12/12 21:19:52 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\inMomentum
[2011/12/12 21:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\inMomentum
[2011/12/12 01:44:36 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\EapmapUI
[2011/12/08 15:18:43 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\SCE
[2011/12/07 02:36:59 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Cards
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 00:30:10 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000UA.job
[2012/01/04 00:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/04 00:28:25 | 001,346,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 00:28:25 | 000,362,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/04 00:28:25 | 000,006,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 00:25:56 | 001,558,406 | ---- | M] () -- C:\Users\Mafu\Desktop\tdsskiller.zip
[2012/01/04 00:22:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/03 23:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/03 22:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/03 21:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/03 20:54:47 | 000,000,002 | ---- | M] () -- C:\$drvmig$
[2012/01/03 20:54:13 | 000,005,346 | ---- | M] () -- C:\Users\Mafu\Desktop\Windows Compatibility Report.htm
[2012/01/03 20:53:43 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 20:53:43 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 20:49:42 | 000,002,188 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/03 20:49:38 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/03 20:46:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 20:46:25 | 3219,521,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 20:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/03 19:42:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/03 19:09:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000Core.job
[2012/01/03 18:58:51 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/03 18:58:51 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/03 18:58:51 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/03 18:58:51 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/03 14:29:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/03 13:49:52 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\Users\Mafu\Desktop\unetbootin-windows-563.exe
[2012/01/03 13:45:55 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/03 13:45:55 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/03 11:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/01/03 10:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/01/03 09:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/01/03 08:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/01/03 07:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/01/03 06:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/01/03 05:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/01/03 04:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/01/03 03:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/01/03 03:10:47 | 000,006,434 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/03 02:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/01/03 01:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/01/02 22:46:36 | 000,010,362 | ---- | M] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/02 22:25:57 | 001,639,360 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/02 21:58:38 | 004,977,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/01 20:33:24 | 552,267,682 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/25 13:22:45 | 000,000,154 | ---- | M] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 12:53:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wshelper.dll
[2011/12/25 01:01:29 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/25 00:19:47 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 20:02:04 | 000,000,355 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ussclean
[2011/12/24 15:08:12 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/24 14:59:13 | 000,002,052 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/24 14:57:57 | 000,000,000 | ---- | M] () -- C:\ProgramData\3nT222i2h.dat
[2011/12/24 14:56:46 | 000,029,184 | ---- | M] () -- C:\Windows\SysWow64\pxa8Lm8d.com
[2011/12/24 14:56:32 | 000,000,450 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/23 02:07:53 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/21 22:45:08 | 000,000,104 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/17 03:39:26 | 000,000,044 | ---- | M] () -- C:\Users\Mafu\AppData\Roaming\svighostkey.dll
[2011/12/17 03:39:01 | 000,000,003 | ---- | M] () -- C:\Users\Mafu\AppData\Roaming\ispnetkey.dll
[2011/12/17 03:38:59 | 000,000,977 | ---- | M] () -- C:\Users\Mafu\Desktop\KeyExtender.lnk
[2011/12/15 01:32:14 | 000,002,014 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2011/12/15 01:32:14 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2011/12/15 01:29:56 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/12/12 21:19:52 | 000,001,248 | ---- | M] () -- C:\Users\Mafu\Desktop\inMomentum.lnk
[2011/12/08 17:42:48 | 000,002,608 | ---- | M] () -- C:\Users\Mafu\Desktop\DC Universe Online Live.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 00:28:06 | 001,558,406 | ---- | C] () -- C:\Users\Mafu\Desktop\tdsskiller.zip
[2012/01/03 20:54:14 | 000,005,346 | ---- | C] () -- C:\Users\Mafu\Desktop\Windows Compatibility Report.htm
[2012/01/02 23:23:57 | 000,000,002 | ---- | C] () -- C:\$drvmig$
[2012/01/02 23:13:44 | 3605,774,336 | ---- | C] () -- C:\Users\Mafu\Desktop\6801.0.080913-2030_Client_en-us_ULTIMATE-ULTIMATE_GB1CXFRE_EN_DVD.iso
[2012/01/02 22:43:37 | 000,010,362 | ---- | C] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/01 20:33:24 | 552,267,682 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/25 11:18:54 | 000,000,154 | ---- | C] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 00:19:56 | 001,639,360 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/25 00:19:47 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 23:45:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 23:45:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 23:45:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 23:45:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 23:45:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/24 15:08:09 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/24 14:57:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\3nT222i2h.dat
[2011/12/24 14:57:55 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/24 14:57:52 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/24 14:57:50 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/24 14:57:46 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/24 14:57:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/24 14:57:42 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/24 14:57:40 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/24 14:57:37 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/24 14:57:34 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/24 14:57:32 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/24 14:57:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/24 14:57:27 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/24 14:57:24 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/24 14:57:22 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/24 14:57:20 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/24 14:57:18 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/24 14:57:16 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/24 14:57:14 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/24 14:57:12 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/24 14:57:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/24 14:57:07 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/24 14:57:04 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/24 14:57:02 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/24 14:57:00 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/24 14:56:58 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\pxa8Lm8d.com
[2011/12/21 22:45:08 | 000,000,104 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/17 03:39:26 | 000,000,044 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\svighostkey.dll
[2011/12/17 03:39:01 | 000,000,003 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\ispnetkey.dll
[2011/12/17 03:38:59 | 000,000,977 | ---- | C] () -- C:\Users\Mafu\Desktop\KeyExtender.lnk
[2011/12/15 01:32:14 | 000,002,014 | ---- | C] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2011/12/15 01:32:14 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2011/12/13 22:41:49 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/12 21:19:52 | 000,001,248 | ---- | C] () -- C:\Users\Mafu\Desktop\inMomentum.lnk
[2011/12/08 15:18:31 | 000,002,608 | ---- | C] () -- C:\Users\Mafu\Desktop\DC Universe Online Live.lnk
[2011/12/08 15:18:31 | 000,002,538 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2011/11/07 00:39:56 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2011/08/06 05:14:14 | 000,000,128 | ---- | C] () -- C:\Users\Mafu\AppData\Local\info.dat
[2011/08/05 20:24:54 | 000,110,338 | ---- | C] () -- C:\ProgramData\12321gdf5.jpeg
[2011/08/05 00:54:32 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
[2011/07/09 02:48:38 | 000,000,600 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\winscp.rnd
[2011/06/19 00:42:55 | 000,000,020 | ---- | C] () -- C:\Windows\Converter.INI
[2011/06/09 23:56:10 | 000,000,687 | ---- | C] () -- C:\Windows\SysWow64\wta_Two.dat
[2011/06/09 23:46:35 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\wta_One.dat
[2011/06/09 23:44:00 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\wta.dat
[2011/06/09 18:49:52 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\wta.ini
[2011/06/03 20:06:31 | 004,718,592 | ---- | C] () -- C:\Windows\SysWow64\savegame.bin
[2011/05/31 19:55:42 | 000,064,048 | ---- | C] () -- C:\Windows\SysWow64\Hidhlp.dll
[2011/05/31 19:55:42 | 000,011,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\KMDX.sys
[2011/05/12 21:07:42 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/12 20:52:13 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/12 20:51:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/09 05:03:01 | 000,001,456 | ---- | C] () -- C:\Users\Mafu\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/07 17:55:47 | 000,000,120 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\c677aaba.dat
[2011/04/07 00:52:35 | 000,003,584 | ---- | C] () -- C:\Users\Mafu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 22:58:46 | 000,000,017 | ---- | C] () -- C:\Users\Mafu\AppData\Local\resmon.resmoncfg
[2011/03/31 00:48:21 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011/03/30 23:26:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/30 23:26:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/30 23:26:18 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/30 23:26:18 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/30 23:26:18 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/20 02:55:39 | 000,000,426 | ---- | C] () -- C:\Windows\aspack.ini
[2011/02/01 20:02:16 | 000,000,132 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/18 00:14:04 | 000,000,173 | ---- | C] () -- C:\Users\Mafu\AppData\Local\msmathematics.qat.Mafu
[2011/01/17 19:05:17 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/01/03 22:51:33 | 000,000,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 00:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/01/02 19:41:19 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 18:12:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/24 05:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/12/22 00:34:41 | 000,006,434 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 04:17:44 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010/12/20 03:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 11:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 990 bytes -> C:\Program Files (x86)\Common Files\System:oeuinffjZc7KNhlzMWe48CD
@Alternate Data Stream - 946 bytes -> C:\ProgramData\Microsoft:B2RaoTpiRxqjbekl1qxPODB
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 1116 bytes -> C:\ProgramData\Microsoft:O8Cw3ZuMk0KKzoe4mi9r
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 1006 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:t5GdSJVQ43HSE1awkQUmc

< End of report >

#13
Matt Smith

Extras:
OTL Extras logfile created on: 1/4/2012 12:30:41 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mafu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 46.70% Memory free
7.99 Gb Paging File | 5.91 Gb Available in Paging File | 73.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 46.42 Gb Free Space | 19.94% Space Free | Partition Type: NTFS
Drive D: | 3.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 100.00 Mb Total Space | 70.00 Mb Free Space | 70.01% Space Free | Partition Type: NTFS
Drive F: | 14.90 Gb Total Space | 5.64 Gb Free Space | 37.87% Space Free | Partition Type: FAT32

Computer Name: AEON | User Name: Mafu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46FE2A95-DD8A-9F52-DD44-6C22D715493D}" = ATI Catalyst Install Manager
"{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9DADBA45-2B06-4F7F-970B-E854ABC8917A}" = WBFS Manager 2.5
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA51EDF2-08D3-45B2-BCB0-7C8F5BD4348D}" = DVD or CD Sharing
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}" = WD Drive Manager (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{EC2C1B61-3AA4-4477-8067-27B6276536DB}" = SmartFTP Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.0-x64
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17FE8F8E-D8FA-440E-9ACF-3C51787E7225}" = FolderSizes 4
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{3F586E56-913B-4C6D-889B-F591485E069D}" = Microsoft Research Mesh Virtual WIFI
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{76D5F5C8-62C0-4FD4-8655-955378C4B30D}" = Cameyo
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
"{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}" = WD FAT32 Formatter
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E51A8627-B4B4-48F3-AABA-EE5DA0CF454D}" = XLink Kai
"{E6ED71F2-E542-4B94-AE9C-24925E13CA02}" = Zend Server
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anapod CopyGear" = Anapod CopyGear (remove only)
"ASPack_is1" = ASPack 2.25
"AutoHotkey" = AutoHotkey 1.1.00.00
"AutoItv3" = AutoIt v3.3.6.1
"AutoItv3beta" = AutoIt v3.3.7.9 (Beta)
"Capsule" = Capsule
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Music Zilla_is1" = Free Music Zilla
"GameSpy Arcade" = GameSpy Arcade
"gputils" = gputils
"Graboid Video" = Graboid Video 2.01
"HandBrake" = HandBrake 0.9.5
"HP Battery Check" = HP Battery Check
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"IrfanView" = IrfanView (remove only)
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"JFK Reloaded" = JFK Reloaded 1.1
"KeyExtender_is1" = KeyExtender 3.96
"King Arthur's Gold (Alpha)_is1" = KAG 0.90A
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"KMDX 1.00" = KMDX 1.00
"MacroGamer" = MacroGamer 2.7.5
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NirSoft Wireless Network Watcher" = NirSoft Wireless Network Watcher
"Notepad++" = Notepad++
"OnLive" = OnLive
"OpenAL" = OpenAL
"Pegtop PStart" = Pegtop PStart
"PowerISO" = PowerISO
"Proun" = Proun
"Scorched3D" = Scorched3D 43.2a
"SeaMonkey (2.5)" = SeaMonkey (2.5)
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"Spyware Doctor" = Spyware Doctor 8.0
"StarCraft" = StarCraft
"Starcraft Brood War (RAZOR 1911)" = Starcraft Brood War (RAZOR 1911)
"Steam App 440" = Team Fortress 2
"Sticky Password_is1" = Sticky Password 5.0.4.232
"TSPlugin" = Torrent Stream (remove only)
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"USB2.0 ATV" = USB2.0 ATV
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"VLMC" = VideoLAN Movie Creator
"Volumouse" = NirSoft Volumouse
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinCDEmu" = WinCDEmu
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.5.0
"FolderSizes 4" = FolderSizes 4
"MusicManager" = Music Manager
"SOE-DC Universe Online Live" = DC Universe Online Live
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#14
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Matt!

You are definitely still infected.

I need for you to download the file below and copy it to your USB drive and run it on the infected computer.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#15
Matt Smith

    Member

  • Topic Starter
  • Member
  • 85 posts
Combofix:
ComboFix 12-01-03.08 - Mafu 01/04/2012 1:06.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1812 [GMT -8:00]
Running from: c:\users\Mafu\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mafu\AppData\Local\d7c12045\U
c:\users\Mafu\AppData\Local\d7c12045\U\80000000.@
c:\users\Mafu\AppData\Local\d7c12045\U\800000cb.@
c:\users\Mafu\AppData\Local\d7c12045\U\800000cf.@
c:\users\Mafu\AppData\Local\d7c12045\X
c:\users\Mafu\AppData\Roaming\0ad
c:\users\Mafu\AppData\Roaming\0ad\config\user.cfg
c:\users\Mafu\AppData\Roaming\Bitcoin
c:\users\Mafu\AppData\Roaming\Bitcoin\.lock
c:\users\Mafu\AppData\Roaming\Bitcoin\__db.001
c:\users\Mafu\AppData\Roaming\Bitcoin\__db.002
c:\users\Mafu\AppData\Roaming\Bitcoin\__db.003
c:\users\Mafu\AppData\Roaming\Bitcoin\__db.004
c:\users\Mafu\AppData\Roaming\Bitcoin\__db.005
c:\users\Mafu\AppData\Roaming\Bitcoin\__db.006
c:\users\Mafu\AppData\Roaming\Bitcoin\addr.dat
c:\users\Mafu\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Mafu\AppData\Roaming\Bitcoin\database\log.0000000110
c:\users\Mafu\AppData\Roaming\Bitcoin\db.log
c:\users\Mafu\AppData\Roaming\Bitcoin\debug.log
c:\users\Mafu\AppData\Roaming\Bitcoin\wallet.dat
c:\users\Mafu\AppData\Roaming\ispnetkey.dll
c:\users\Mafu\AppData\Roaming\svighostkey.dll
c:\users\Mafu\AppData\Roaming\Xbins
c:\users\Mafu\AppData\Roaming\Xbins\dict
c:\users\Mafu\AppData\Roaming\Xbins\FileZilla.xml
c:\users\Mafu\AppData\Roaming\Xbins\icon.ico
c:\users\Mafu\AppData\Roaming\Xbins\xbinsftp.exe
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\pxa8Lm8d.com
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 09:17 . 2012-01-04 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 04:54 . 2012-01-04 04:54 -------- d-----w- C:\$WINDOWS.~LS
2012-01-04 04:50 . 2012-01-04 06:18 -------- d-----w- C:\$UPGRADE.~OS
2012-01-04 04:49 . 2012-01-04 04:49 -------- d-----w- C:\$WINDOWS.~BT
2012-01-03 05:35 . 2012-01-03 05:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-03 05:29 . 2012-01-03 05:29 -------- d-----w- c:\users\Mafu\AppData\Local\MigWiz
2012-01-02 21:26 . 2012-01-02 21:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-01-02 21:25 . 2012-01-02 21:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-01 06:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-01 06:46 . 2011-07-16 05:21 422400 ----a-w- c:\windows\system32\KernelBase.dll
2012-01-01 06:39 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-01 06:39 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-01-01 06:39 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-01 06:28 . 2012-01-01 06:52 -------- d-----w- c:\users\Mafu\AppData\Local\CrashDumps
2011-12-29 10:00 . 2011-12-29 10:00 -------- d-----w- c:\users\Mafu\AppData\Local\Threat Expert
2011-12-25 20:48 . 2011-12-25 20:53 19968 ----a-w- c:\windows\system32\wshelper.dll
2011-12-25 20:43 . 2009-07-14 17:16 15360 ----a-w- c:\windows\wshelper.dll
2011-12-25 08:19 . 2010-07-16 22:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-12-25 08:19 . 2010-06-29 18:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-12-25 08:19 . 2010-11-17 18:20 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-12-25 08:19 . 2010-11-17 18:20 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-12-25 08:19 . 2010-11-25 18:43 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-12-25 08:19 . 2010-11-25 18:42 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-12-25 08:19 . 2011-12-29 10:45 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-12-25 08:19 . 2011-12-25 08:21 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-25 08:19 . 2011-12-25 08:19 -------- d-----w- c:\programdata\PC Tools
2011-12-25 08:19 . 2011-12-25 08:19 -------- d-----w- c:\users\Mafu\AppData\Roaming\PC Tools
2011-12-25 04:02 . 2011-12-25 04:02 355 ----a-w- c:\windows\system32\drivers\etc\hosts.ussclean.tmp
2011-12-24 23:11 . 2011-12-24 23:11 -------- d-----w- c:\users\Mafu\AppData\Roaming\f-secure
2011-12-24 23:11 . 2011-12-24 23:11 -------- d-----w- c:\programdata\F-Secure
2011-12-24 23:08 . 2011-12-24 23:08 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-12-24 22:58 . 2011-12-24 22:58 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-24 22:58 . 2011-12-24 22:58 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-24 22:58 . 2011-12-24 22:58 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-24 22:58 . 2011-12-24 22:58 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-22 07:43 . 2011-12-22 07:43 -------- d-----w- c:\users\Mafu\AppData\Roaming\Malwarebytes
2011-12-22 07:43 . 2011-12-22 07:43 -------- d-----w- c:\programdata\Malwarebytes
2011-12-22 05:51 . 2011-12-25 07:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-22 05:51 . 2011-12-25 07:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-22 02:48 . 2012-01-04 09:16 -------- d-sh--w- c:\users\Mafu\AppData\Local\d7c12045
2011-12-21 19:39 . 2011-12-21 19:39 -------- d-----w- c:\program files (x86)\937D8
2011-12-17 11:38 . 2011-12-17 11:39 -------- d-----w- c:\program files (x86)\KeyExtender
2011-12-15 09:32 . 2011-12-15 09:32 -------- d-----w- c:\program files (x86)\SeaMonkey
2011-12-15 09:31 . 2011-12-15 09:29 737280 ----a-w- c:\windows\iun6002.exe
2011-12-15 09:23 . 2011-12-15 09:23 -------- d-----w- c:\users\Mafu\AppData\Roaming\KompoZer
2011-12-15 09:20 . 2011-12-15 09:20 -------- d-----w- c:\users\Mafu\AppData\Roaming\Nvu
2011-12-14 06:40 . 2011-12-25 09:02 -------- d-----w- c:\programdata\Soluto
2011-12-13 05:19 . 2011-12-13 05:19 -------- d-----w- c:\program files (x86)\inMomentum
2011-12-12 09:44 . 2011-12-12 09:44 -------- d-----w- c:\users\Mafu\AppData\Local\EapmapUI
2011-12-08 23:18 . 2011-12-08 23:18 -------- d-----w- c:\users\Mafu\AppData\Local\SCE
2011-12-08 23:18 . 2011-12-08 23:18 -------- d-----w- c:\users\Public\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 05:38 . 2011-01-24 03:21 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-11-10 09:45 . 2011-11-10 09:45 249856 ------w- c:\windows\Setup1.exe
2011-11-10 09:45 . 2011-11-10 09:45 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mafu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mafu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mafu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mafu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]
"KeyExtender.exe"="c:\program files (x86)\KeyExtender\KeyExtender.exe" [2008-07-02 755712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 11:57 406992 ----a-w- c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-05 00:05 311296 ----a-r- c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files (x86)\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59 254696 ----a-w- c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37 517096 ----a-w- c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Aken;Aken;c:\users\Mafu\AppData\Local\0 A.D. alpha\binaries\system\aken64.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-17 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 StkSSrv;Syntek AVStream USB2.0 ATV Service;c:\windows\System32\StkCSrv.exe [x]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-06-26 119296]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000Core.job
- c:\users\Mafu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 10:54]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000UA.job
- c:\users\Mafu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 10:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mafu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mafu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mafu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mafu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2009-07-22 603448]
"combofix"="c:\combofix\CF27015.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-80381206.sys
SafeBoot-SolutoService
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-01-04 01:27:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 09:27
.
Pre-Run: 49,440,092,160 bytes free
Post-Run: 48,994,058,240 bytes free
.
- - End Of File - - 7C9BB07FBD6440147B823EB7F9A2F13D