Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.ZeroAccess.B - consrv.dll and tidserv - Logs from OTL posted

Started by ericc2728 , Jan 15 2012 02:40 PM

  • Please log in to reply

#1
ericc2728
Posted 15 January 2012 - 02:40 PM

ericc2728

    Member

  • Member
  • PipPip
  • 27 posts
I'm getting the same problems as some of the other posts in this forum. I've attached a norton screenshot when i used the advanced boot recovery. I'm assuming that I'm getting false tidserv infections due to the trojan.zeroaccess.b virus.

According to the instructions in previous posts, here are the logs

OTL logfile created on: 1/15/2012 12:59:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 81.77% Memory free
15.99 Gb Paging File | 14.45 Gb Available in Paging File | 90.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 70.00 Gb Free Space | 15.42% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 248.25 Gb Free Space | 26.65% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 646.25 Gb Free Space | 34.69% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 543.31 Gb Free Space | 29.16% Space Free | Partition Type: NTFS
Drive X: | 698.63 Gb Total Space | 417.72 Gb Free Space | 59.79% Space Free | Partition Type: NTFS
Drive Y: | 74.52 Gb Total Space | 43.81 Gb Free Space | 58.78% Space Free | Partition Type: NTFS
Drive Z: | 922.86 Gb Total Space | 23.74 Gb Free Space | 2.57% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/15 12:57:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2009/08/18 02:13:04 | 000,678,912 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgr.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 02:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011/11/08 15:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/16 10:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Stopped] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2010/08/19 16:43:24 | 000,386,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/01/14 22:04:20 | 002,482,552 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Users\Eric\AppData\Local\Temp\LMIR0003.tmp\LMI_Rescue_srv.exe -- (LMIRescue_261da54f-1e37-4813-8d88-0419630b1c3d) LogMeIn Rescue (261da54f-1e37-4813-8d88-0419630b1c3d)
SRV - [2012/01/14 18:02:31 | 002,482,552 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Users\Eric\AppData\Local\Temp\LMIR0002.tmp\LMI_Rescue_srv.exe -- (LMIRescue_0fe6e286-2520-4db5-80eb-6fd4c551264d) LogMeIn Rescue (0fe6e286-2520-4db5-80eb-6fd4c551264d)
SRV - [2012/01/13 17:41:37 | 002,482,552 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Users\Eric\AppData\Local\Temp\LMIR0001.tmp\LMI_Rescue_srv.exe -- (LMIRescue_28ec28fe-b6a0-41cf-875f-97e948bf15af) LogMeIn Rescue (28ec28fe-b6a0-41cf-875f-97e948bf15af)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/01/26 14:53:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/11/24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 07:58:02 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/14 13:28:10 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011/04/14 13:28:08 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 02:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/12 18:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/14 16:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 13:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 10:44:45 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 10:44:45 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/31 20:37:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120113.025\EX64.SYS -- (NAVEX15)
DRV - [2011/10/31 20:37:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120113.025\ENG64.SYS -- (NAVENG)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120113.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 1F 0F 60 53 BF CB 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 1F 0F 60 53 BF CB 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://movedowntown...n/MyOffice.aspx
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7E A0 6E 5F 45 CC 01 [binary data]
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/05 22:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/15 02:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 02:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/02 10:10:16 | 000,000,000 | ---D | M]

[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/06 16:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions
[2011/06/29 09:55:20 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/11/12 12:30:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/31 19:06:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2011/11/05 13:15:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2012/01/14 01:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.9_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: USA TODAY = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggljnipbdiebhbmadknfbjlhehbohbn\2.1_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.17_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Offline Google Mail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: LastPass = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.1_0\
CHR - Extension: Smooth Gestures = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_0\
CHR - Extension: Linkclump = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.0.16_0\
CHR - Extension: Copy Link Text = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdokmjpoambonhlpgcodobebebjdeil\0.5.1_0\
CHR - Extension: Poppit = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FreshStart - Cross Browser Session Manager = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb\1.5.4_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

Hosts file not found
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" File not found
O4 - HKU\S-1-5-18..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000..\Run: [Dekisoft Monitor Off Utility] C:\Program Files (x86)\Monitor Off Utility\monoff.exe (Dekisoft)
O4 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000..\Run: [GoogleContactSync] C:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
O4 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {026ECE7F-AC77-42C1-AFA7-9576D1A4EAB6} http://www.formsrus.com/53/setup.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://cbrmls.columb...ol/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {ECC56E5B-BE50-4691-BAE5-1BB7DF70BF95} http://www.formsrus....forms/setup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3315377E-1827-411A-8A89-D1292871D5AE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51398D5A-0EC7-4C59-898D-AC16AE86436F}: NameServer = 209.18.47.61,209.18.47.62
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-1948204673-1780984394-1029538037-1000 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/15 14:24:39 | 000,000,067 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 12:57:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/01/13 23:24:55 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/13 20:04:49 | 000,000,000 | ---D | C] -- C:\NPE
[2012/01/13 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Temp
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/13 16:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012/01/13 14:38:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/13 13:40:42 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/01/11 16:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GO Contact Sync Mod
[2012/01/11 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebGear
[2012/01/11 16:05:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/11 15:04:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\NPE
[2012/01/11 03:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\679C1
[2012/01/09 17:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/01/09 17:01:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\PDF-XChange.Viewer.Pro.v2.042.7.Multilingual.Cracked-EAT
[2012/01/09 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/09 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F5C9B070-3124-44D4-A2B0-51E843B0421E}
[2012/01/09 14:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{26F4E894-BE27-4D56-80C2-DECD41B57B7F}
[2012/01/09 01:40:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5F690E7E-FE96-4F1C-ACFC-8A2FBDDD42AD}
[2012/01/09 01:40:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2FC95A88-D39F-459B-B7F0-C58608BE1660}
[2012/01/08 13:40:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AACCF45-EC22-46EC-A236-C7D06B5C275F}
[2012/01/08 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D650295A-2195-425A-8A82-0CC902A6F37A}
[2012/01/08 01:40:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A3EF6F9B-EC64-4F35-B611-FA24D122696E}
[2012/01/08 01:40:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AECBE636-CA8D-47A8-9D8C-6A302B8981DE}
[2011/12/30 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CA8063F6-590E-4E7C-823F-2ADF139AC157}
[2011/12/30 20:07:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{43FBE04C-7767-48A2-8A58-49B05224213C}
[2011/12/29 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D35D1A2-7DDC-43A6-B5E6-A175EAB048CF}
[2011/12/29 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDF54AE7-0EA6-4018-BA9E-89E8C01066CA}
[2011/12/25 23:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/22 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DEBFC9FE-26FB-4F48-9025-399E3FD7572A}
[2011/12/22 17:29:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{59E8FE2C-1297-4A07-96D5-28457E0839AD}
[2011/12/21 23:29:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{10654CD9-E24B-415D-986D-F70F31D759E1}
[2011/12/21 23:29:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D7F844A1-9065-4A39-8718-61043782FCD7}
[2011/12/20 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CB98EDCE-D14B-44D7-BD5D-F08265D65A9F}
[2011/12/20 16:24:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{15EABF08-E920-43B8-B2D3-FE6D7783ADBC}
[2011/12/20 00:06:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Synaptics
[2011/12/20 00:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/12/20 00:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/12/20 00:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/20 00:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synaptics
[2011/12/20 00:03:23 | 000,411,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011/12/20 00:03:23 | 000,274,728 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/12/20 00:03:23 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/12/20 00:03:23 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011/12/20 00:03:22 | 001,424,944 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/12/20 00:03:22 | 000,225,576 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/12/20 00:03:22 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2011/12/20 00:03:22 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/12/19 23:38:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/18 22:31:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Skype
[2011/12/18 22:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/12/17 13:10:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A6B8397B-4FBF-4E2D-A549-2810A0D32A9A}
[2011/12/17 13:10:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8D47E7A3-F3BC-486D-A744-50802D6CD058}
[2011/04/08 19:57:26 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2012/01/15 12:57:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012/01/15 12:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/15 12:47:35 | 2145,898,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 18:12:55 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 18:12:55 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 17:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/14 17:39:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/14 16:44:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/14 13:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/14 11:15:46 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/14 11:15:46 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/14 10:32:55 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\consrv.dll
[2012/01/14 01:06:16 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 19:19:22 | 000,000,149 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/01/13 18:05:50 | 000,122,616 | ---- | M] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:16:39 | 000,822,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 16:16:39 | 000,692,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/13 16:16:39 | 000,131,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 16:14:17 | 000,001,380 | ---- | M] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/12 22:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/11 15:29:33 | 326,268,174 | ---- | M] () -- C:\Regbackup.reg
[2012/01/11 03:30:35 | 000,002,664 | ---- | M] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/11 03:30:31 | 000,031,256 | ---- | M] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/05 16:00:16 | 001,329,952 | ---- | M] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:24 | 000,002,600 | ---- | M] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/21 15:18:41 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/12/20 19:51:14 | 000,044,713 | ---- | M] () -- C:\Users\Eric\Desktop\ABAMECTIN 1.pdf
[2011/12/20 00:04:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2012/01/14 01:06:15 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 18:05:49 | 000,122,616 | ---- | C] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:20:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F\isolate.ini
[2012/01/13 16:14:15 | 000,001,380 | ---- | C] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/12 22:45:11 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/01/11 15:29:10 | 326,268,174 | ---- | C] () -- C:\Regbackup.reg
[2012/01/11 03:30:31 | 000,031,256 | ---- | C] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/11 03:30:31 | 000,002,664 | ---- | C] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/05 15:55:56 | 001,329,952 | ---- | C] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:21 | 000,002,600 | ---- | C] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:17 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/20 19:51:14 | 000,044,713 | ---- | C] () -- C:\Users\Eric\Desktop\ABAMECTIN 1.pdf
[2011/12/20 00:04:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/12/20 00:03:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/13 22:00:15 | 000,231,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/08/11 18:59:22 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/12 15:25:44 | 000,797,020 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\ericc2728.zip
[2011/05/03 10:48:36 | 000,000,320 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SEC540722.trad
[2011/05/03 10:48:24 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2011/03/24 12:38:31 | 000,000,341 | ---- | C] () -- C:\Windows\BCLWDDE.INI
[2011/03/12 15:22:21 | 000,010,240 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 13:22:51 | 000,001,465 | ---- | C] () -- C:\Windows\pcforms.ini
[2011/02/02 14:53:41 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/01 18:03:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/01 17:32:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/28 14:34:08 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/27 16:49:45 | 000,037,843 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/27 15:08:04 | 000,000,149 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/26 15:04:13 | 000,000,410 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/25 22:37:48 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/25 20:03:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/25 16:50:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2011/01/25 13:36:46 | 000,000,017 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2011/01/25 03:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/29 01:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/30 20:26:00 | 000,365,568 | ---- | C] () -- C:\Windows\SysWow64\WINCTL32.DLL
[2010/06/30 20:26:00 | 000,055,808 | ---- | C] () -- C:\Windows\ICE_JNIRegistry.dll
[2010/06/30 20:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Simspy32.dll
[2010/06/30 20:26:00 | 000,032,768 | ---- | C] () -- C:\Windows\Java2INI.dll
[2010/06/23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/15 04:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/13 15:58:21 | 000,000,008 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\missouri.dll
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2003/02/28 15:51:00 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\easysoap.dll
[2003/01/28 02:09:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

========== LOP Check ==========

[2011/11/26 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Genie-Soft
[2011/11/26 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Genie-Soft
[2011/07/23 10:20:30 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Actual Tools
[2011/12/23 12:57:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity
[2011/10/28 10:07:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\calibre
[2011/06/23 12:06:56 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CatenaLogic
[2012/01/09 16:01:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CrashPlan
[2012/01/10 23:36:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2012/01/10 19:38:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FileZilla
[2011/11/26 21:51:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Genie-Soft
[2011/05/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GlarySoft
[2011/07/20 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GoContactSyncMOD
[2011/02/13 18:49:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Guitar Pro 6
[2011/08/25 16:10:37 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Jason Robitaille
[2011/09/26 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\KompoZer
[2011/01/26 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Maximizer
[2011/01/25 15:06:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PowerCinema
[2011/01/26 00:12:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\RoboForm
[2011/11/06 15:52:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Samsung
[2011/12/19 23:45:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Soocial
[2011/02/16 15:25:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SoocialInstallationLogs
[2011/12/20 00:06:57 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Synaptics
[2012/01/13 01:11:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TeamViewer
[2011/02/03 17:01:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Tific
[2011/08/04 10:49:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Titanium
[2011/04/29 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Tracker Software
[2011/05/03 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TradeStation Technologies
[2011/07/06 15:30:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/01/25 16:43:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ulead Systems
[2012/01/10 21:11:26 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2011/10/13 12:01:30 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\webex
[2011/01/28 20:19:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Win7codecs
[2011/01/25 20:16:26 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\WinBatch
[2011/05/30 14:52:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Windows Live Writer
[2012/01/14 13:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/14 16:44:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/14 11:15:46 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/01/13 16:49:22 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: CONSRV.DLL >
[2012/01/14 10:32:55 | 000,053,248 | ---- | M] () MD5=6BF2039986AF96D98E08824AC6C383FD -- C:\Windows\SysNative\consrv.dll
[2012/01/14 10:32:55 | 000,053,248 | ---- | M] () MD5=6BF2039986AF96D98E08824AC6C383FD -- C:\Windows\system64\consrv.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3315377E-1827-411A-8A89-D1292871D5AE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{51398D5A-0EC7-4C59-898D-AC16AE86436F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 01 01 06 01 07 01 05 01 04 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Files - Unicode (All) ==========
[2011/09/07 19:40:25 | 000,000,000 | ---D | M](C:\Windows\SysNative\?!) -- C:\Windows\SysNative\Ȱ!
[2011/09/07 19:40:25 | 000,000,000 | ---D | C](C:\Windows\SysNative\?!) -- C:\Windows\SysNative\Ȱ!
[2011/09/07 19:40:24 | 000,000,000 | ---D | M](C:\Windows\SysNative\3?) -- C:\Windows\SysNative\3쀀
[2011/09/07 19:40:24 | 000,000,000 | ---D | M](C:\Windows\SysNative\?2) -- C:\Windows\SysNative\Ȱ2
[2011/09/07 19:40:24 | 000,000,000 | ---D | C](C:\Windows\SysNative\3?) -- C:\Windows\SysNative\3쀀
[2011/09/07 19:40:24 | 000,000,000 | ---D | C](C:\Windows\SysNative\?2) -- C:\Windows\SysNative\Ȱ2

========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\Windows:

< End of report >

OTL Extras logfile created on: 1/15/2012 12:59:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 81.77% Memory free
15.99 Gb Paging File | 14.45 Gb Available in Paging File | 90.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 70.00 Gb Free Space | 15.42% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 248.25 Gb Free Space | 26.65% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 646.25 Gb Free Space | 34.69% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 543.31 Gb Free Space | 29.16% Space Free | Partition Type: NTFS
Drive X: | 698.63 Gb Total Space | 417.72 Gb Free Space | 59.79% Space Free | Partition Type: NTFS
Drive Y: | 74.52 Gb Total Space | 43.81 Gb Free Space | 58.78% Space Free | Partition Type: NTFS
Drive Z: | 922.86 Gb Total Space | 23.74 Gb Free Space | 2.57% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{190A60F1-2FEE-0A11-7D37-D8607809CC39}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{3EE30764-A4C2-4371-8EC5-61418CF6271B}" = Air Display Support
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5B7A62FB-E8EA-974A-DB49-4000AA3AE422}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FAF63FF7-1DB6-44D4-91C3-E9422166E8F9}" = CrashPlan
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Unlocker" = Unlocker 1.9.0-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{06223EA1-8977-4A44-B2AB-30FD78B7DCC1}" = CCC Help Thai
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{091FACEE-A240-42D4-AD71-26E8DFB38F43}" = GO Contact Sync Mod
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF37D58-38A8-E03F-8DD8-B01B55C09615}" = CCC Help English
"{0FAFE712-DF6D-455C-9016-861A0CDC1E1D}" = pcFORMation 5.3.6 Install
"{10F0131F-1CA2-4433-8473-7C890C769581}_is1" = Monitor Off Utility 1.0
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A233009-8656-471D-BD30-DB22BA4F15C4}" = Maximizer CRM 11 Service Release 2
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{27349465-3521-8214-5311-286D806C86C3}" = CCC Help Dutch
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{32762866-8C6E-437E-1E79-4506FEB7323A}" = Catalyst Control Center Graphics Full Existing
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CAF2B2D-0DA3-7BD6-6701-E3D71992DB78}" = Catalyst Control Center Localization All
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{4590D323-F7A7-4FD0-B133-956B40FFDD43}" = Xmarks for IE
"{4786E500-4FA0-C30F-D4E8-0E3D70D86227}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{4F147AEF-790D-DBE2-5830-94D90C02AC24}" = Catalyst Control Center Graphics Full New
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{576C2EBB-1476-4F43-86FC-E2517075C750}" = TD AMERITRADE StrategyDesk 3.4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5985DD7D-67F4-DD15-8589-B3F43C4A111D}" = CCC Help Chinese Traditional
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D264375-3E92-7D10-F219-3536F5BAE7BA}" = CCC Help Japanese
"{5F98C4EE-879F-232C-3F44-0BBFAB6A29D4}" = CCC Help Polish
"{61F8A9EC-5CB4-0001-FF88-C469156BA14C}" = CCC Help German
"{64619D4F-9F26-7385-13CD-CF437EB1B778}" = Maximizer CRM Help
"{67830C2E-0345-7CE7-3829-8AB3D34E3AEB}" = CCC Help Turkish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9B4C2D-E651-6DD7-EC1D-AF331F250AB8}" = ccc-core-static
"{6DEEDB89-D449-B985-4E0E-91D45AF66DFF}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7513A376-16F0-7E53-5CA1-7DA10A6216BC}" = CCC Help Danish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{811EF3A7-0861-0B8F-5432-3052E8230DC0}" = Catalyst Control Center Graphics Light
"{8259E348-50E8-A3C8-52B8-699DFDD31BA8}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85E4952C-8C85-A58D-B9D9-783D1FADB775}" = Skins
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8921F4ED-A696-D629-45E6-45A43A0F4FF0}" = CCC Help Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{98C70B57-4930-7088-22F4-93FC196938D0}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EB46CEF-A947-44B8-95B5-BDF19B761590}" = ProfiDing
"{A373F67B-8305-4CE0-AA04-59E3FAED7693}" = pcFORMation 5.3.1 Real Estate Forms Demo
"{A6137721-B2D0-1DAF-0B19-12AB0D065C45}" = Catalyst Control Center Core Implementation
"{A6CB7126-16B0-6D09-4D46-FA6E2A3D135A}" = MaxExchange Remote Help
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC1A4255-0EC8-585B-2D1A-8306C07F2B91}" = CCC Help Hungarian
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AEE65D6C-EDF4-B3E1-00CD-B17A6FC6BC6A}" = CCC Help Italian
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9F119C0-6886-A250-BF18-3ABEAA26F6A5}" = CCC Help Korean
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7CA3155-780B-A582-81EC-4E803375E151}" = Maximizer CRM Administrator Help
"{C8C415A8-E930-4227-9AFA-F64618025E7E}" = Maximizer CRM 11
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB64C016-1705-36E9-1AEA-C2D4738BDE9A}" = CCC Help Norwegian
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DE2E45A2-31B1-7D26-2701-B1244763DE10}" = CCC Help Portuguese
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E16087F4-3CE3-B644-A5F5-503F55F34CC0}" = CCC Help Russian
"{E4FD13E2-1638-A5B8-E28A-54D39F13D747}" = Catalyst Control Center Graphics Previews Vista
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E4A500-34B5-E8B7-FC2C-3726A0577AAD}" = CCC Help French
"{F34009E9-6EA5-F0D2-4D7D-A9CE421908B6}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.5
"BSPlayerf" = BS.Player FREE
"FileZilla Client" = FileZilla Client 3.5.2
"Glary Utilities_is1" = Glary Utilities 2.37.0.1260
"Google Calendar Sync" = Google Calendar Sync
"GuitarSpeedTrainer_is1" = GST 2.3.8.4
"InstallShield_{1A233009-8656-471D-BD30-DB22BA4F15C4}" = Maximizer CRM 11 Service Release 2
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Maximizer CRM 11_{C8C415A8-E930-4227-9AFA-F64618025E7E}" = Maximizer CRM 11 Group Edition Workstation
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Rename Master_is1" = Rename Master
"Simpli Software's Places Utility_is1" = Simpli Software's Places Utility v1.0
"Tag&Rename_is1" = Tag&Rename 3.5
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"thinkorswim" = thinkorswim
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XobniMain" = Xobni

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"aaa" = aaa
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SugarSync" = SugarSync Manager
"Trader Workstation" = Trader Workstation
"TWS Beta (Build 9170)" = TWS Beta (Build 9170)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-15 13:56:54
-----------------------------
13:56:54.235 OS Version: Windows x64 6.1.7601 Service Pack 1
13:56:54.235 Number of processors: 2 586 0x1706
13:56:54.235 ComputerName: ERIC-LAPTOP UserName: Eric
13:56:59.508 Initialize success
14:02:33.507 AVAST engine defs: 12011501
14:07:32.807 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:07:32.817 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001M Size: 476940MB BusType: 11
14:07:32.832 Disk 0 MBR read successfully
14:07:32.836 Disk 0 MBR scan
14:07:32.841 Disk 0 Windows 7 default MBR code
14:07:32.856 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:07:32.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464951 MB offset 3074048
14:07:32.911 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10488 MB offset 955293696
14:07:32.917 Service scanning
14:07:34.136 Modules scanning
14:07:34.141 Disk 0 trace - called modules:
14:07:34.188 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:07:34.193 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bc55d0]
14:07:34.199 3 CLASSPNP.SYS[fffff88001b9d43f] -> nt!IofCallDriver -> [0xfffffa8007aaa090]
14:07:34.207 5 ACPI.sys[fffff88000faa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007aad060]
14:07:35.991 AVAST engine scan C:\Windows
14:07:38.948 AVAST engine scan C:\Windows\system32
14:07:52.931 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
14:09:47.322 AVAST engine scan C:\Windows\system32\drivers
14:10:01.157 AVAST engine scan C:\Users\Eric
15:21:17.971 AVAST engine scan C:\ProgramData
15:24:53.861 Scan finished successfully
15:38:23.270 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
15:38:23.298 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"

Thanks in advance for your help!

Attached Thumbnails

  • 20120114_001915.jpg

  • 0

Advertisements

#2
ericc2728
Posted 15 January 2012 - 07:53 PM

ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
also forgot to tell you, norton tech support is useless, they tried to do system restore and now my computer won't even start. i tried doing start up repair too and that didn't work either. i can only boot my computer in safe mode
  • 0

#3
RKinner
Posted 15 January 2012 - 07:57 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
  • 0

#4
RKinner
Posted 15 January 2012 - 07:57 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
It's OK to run any of the above in Safe Mode tho Safe Mode with Networking would be better.
  • 0

#5
ericc2728
Posted 16 January 2012 - 08:31 PM

ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
thanks for those great and clear instructions, below is everything you requested. Really appreciate your help!


ComboFix 12-01-16.02 - Eric 01/16/2012 18:42:42.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.7182 [GMT -5:00]
Running from: c:\users\Eric\Desktop\geeks to go\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\programdata\ntuser.dat
c:\programdata\Roaming
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\Thumbs.db
c:\windows\System64
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-14 06:06 . 2011-12-21 07:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 06:06 . 2011-12-21 04:30 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-14 06:06 . 2011-12-21 04:30 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-14 06:06 . 2011-12-21 04:30 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-14 04:24 . 2012-01-14 15:32 -------- d-----w- C:\NBRT
2012-01-14 01:04 . 2012-01-14 01:04 -------- d-----w- C:\NPE
2012-01-13 22:20 . 2012-01-16 23:56 -------- d-----w- c:\users\Eric\AppData\Local\Temp
2012-01-13 21:21 . 2009-05-18 07:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-13 21:20 . 2012-01-13 21:20 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-01-13 21:20 . 2012-01-13 21:20 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-13 19:38 . 2012-01-13 19:38 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2012-01-11 21:06 . 2012-01-11 21:06 -------- d-----w- c:\program files (x86)\WebGear
2012-01-11 20:29 . 2012-01-11 20:29 326268174 ----a-w- C:\Regbackup.reg
2012-01-11 20:04 . 2012-01-14 05:56 -------- d-----w- c:\users\Eric\AppData\Local\NPE
2012-01-11 08:27 . 2012-01-13 21:06 -------- d-----w- c:\program files (x86)\679C1
2012-01-11 07:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 07:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 07:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 07:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 07:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 07:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 07:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 07:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-09 21:01 . 2012-01-09 21:01 -------- d-----w- c:\users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-26 03:59 . 2011-12-26 04:00 -------- d-----w- c:\program files\iTunes
2011-12-26 03:59 . 2011-12-26 04:00 -------- d-----w- c:\program files (x86)\iTunes
2011-12-26 03:59 . 2011-12-26 03:59 -------- d-----w- c:\program files\iPod
2011-12-20 05:06 . 2011-12-20 05:06 -------- d-----w- c:\users\Eric\AppData\Roaming\Synaptics
2011-12-20 05:04 . 2011-12-20 05:04 -------- d-----w- c:\program files\Synaptics
2011-12-20 05:03 . 2011-12-20 05:13 -------- d-----w- c:\programdata\Synaptics
2011-12-20 05:03 . 2011-12-20 05:03 -------- d-----w- c:\program files (x86)\Synaptics
2011-12-20 05:03 . 2011-03-31 23:29 274728 ----a-w- c:\windows\system32\SynCtrl.dll
2011-12-20 05:03 . 2011-03-31 23:29 218408 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2011-12-20 05:03 . 2011-03-31 23:29 411432 ----a-w- c:\windows\system32\SynCOM.dll
2011-12-20 05:03 . 2011-03-31 23:29 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2011-12-20 05:03 . 2011-03-31 23:32 1424944 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-20 05:03 . 2011-03-31 23:29 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2011-12-20 05:03 . 2011-03-31 23:29 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2011-12-20 05:03 . 2011-03-31 23:29 225576 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-12-20 05:03 . 2011-03-31 23:29 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-12-20 04:38 . 2011-12-20 04:38 -------- d-----w- c:\windows\system32\Macromed
2011-12-19 03:31 . 2012-01-11 21:03 -------- d-----w- c:\users\Eric\AppData\Roaming\Skype
2011-12-19 03:30 . 2012-01-11 21:03 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 22:38 . 2011-06-02 03:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 03:23 . 2011-11-25 03:23 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-11-25 03:23 . 2011-11-25 03:23 98616 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-11-24 04:52 . 2011-12-14 06:20 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-14 06:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 06:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 08:03 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 08:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 08:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 08:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 08:03 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 08:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 08:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 08:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 06:20 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-04-09 00:57 . 2011-04-09 00:57 12535496 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dekisoft Monitor Off Utility"="c:\program files (x86)\Monitor Off Utility\monoff.exe" [2011-03-20 303104]
"Xmarks"="c:\program files (x86)\Xmarks\IE Extension\xmarkssync.exe" [2011-08-19 1121832]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2011-12-22 12214272]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-10-14 631984]
"chromium"="c:\users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-01-05 1047024]
"GoogleContactSync"="c:\program files (x86)\WebGear\GO Contact Sync\GOContactSync.exe" [2011-11-07 857600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-22 61440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R2 LMIRescue_0fe6e286-2520-4db5-80eb-6fd4c551264d;LogMeIn Rescue (0fe6e286-2520-4db5-80eb-6fd4c551264d);c:\users\Eric\AppData\Local\Temp\LMIR0002.tmp\LMI_Rescue_srv.exe [x]
R2 LMIRescue_261da54f-1e37-4813-8d88-0419630b1c3d;LogMeIn Rescue (261da54f-1e37-4813-8d88-0419630b1c3d);c:\users\Eric\AppData\Local\Temp\LMIR0003.tmp\LMI_Rescue_srv.exe [x]
R2 LMIRescue_28ec28fe-b6a0-41cf-875f-97e948bf15af;LogMeIn Rescue (28ec28fe-b6a0-41cf-875f-97e948bf15af);c:\users\Eric\AppData\Local\Temp\LMIR0001.tmp\LMI_Rescue_srv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 SQLAgent$MAXIMIZER;SQL Server Agent (MAXIMIZER);c:\program files\Microsoft SQL Server\MSSQL10_50.MAXIMIZER\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120113.002\IDSvia64.sys [2011-08-23 488568]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
S2 MSSQL$MAXIMIZER;SQL Server (MAXIMIZER);c:\program files\Microsoft SQL Server\MSSQL10_50.MAXIMIZER\MSSQL\Binn\sqlservr.exe [2011-04-24 61916000]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-02-11 62184]
S3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys [x]
S3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
- c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 18:39]
.
2012-01-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
- c:\users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 18:39]
.
2012-01-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-05-30 13:26]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 10:19]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 10:19]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 20:09]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 20:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-12-22 12:47 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"combofix"="c:\combofix\CF12698.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://movedowntown...n/MyOffice.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{51398D5A-0EC7-4C59-898D-AC16AE86436F}: NameServer = 209.18.47.61,209.18.47.62
DPF: {026ECE7F-AC77-42C1-AFA7-9576D1A4EAB6} - hxxp://www.formsrus.com/53/setup.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://cbrmls.columbusrealtors.com/5.1.01.11828/Control/IRCSharc.cab
DPF: {ECC56E5B-BE50-4691-BAE5-1BB7DF70BF95} - hxxp://www.formsrus.com/REforms/setup.cab
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50707
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKU-Default-Run-RoboForm - c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-aaa - c:\windows\system32\javaws.exe
AddRemove-Trader Workstation - c:\windows\system32\javaws.exe
AddRemove-TWS Beta (Build 9170) - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_˜\00\00˜\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~˜\00\00˜\00\00\00\00˜\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,09,ce,2e,95,53,88,48,b2,44,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A*D* ]
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,4c,14,00,00,01,00,00,00,1f,00,00,00,5a,00,
00,00,00,00,00,00,4c,00,31,00,00,00,00,00,00,5f,97,ad,10,00,57,6f,72,64,73,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A*D* \Words]
"Order"=hex:08,00,00,00,02,00,00,00,60,04,00,00,01,00,00,00,07,00,00,00,b0,00,
00,00,06,00,00,00,a2,00,32,00,84,00,00,00,00,fc,6c,62,20,00,31,35,43,4c,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A*D* ]
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,a4,08,00,00,01,00,00,00,0e,00,00,00,78,00,
00,00,0d,00,00,00,6a,00,32,00,84,00,00,00,00,81,71,03,20,00,41,44,55,4c,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* \Images]
"Order"=hex:08,00,00,00,02,00,00,00,b2,01,00,00,01,00,00,00,03,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,32,00,84,00,00,00,00,bf,cc,b7,20,00,46,6c,69,63,6b,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* \Personal Devolopment]
"Order"=hex:08,00,00,00,02,00,00,00,48,01,00,00,01,00,00,00,02,00,00,00,aa,00,
00,00,00,00,00,00,9c,00,32,00,84,00,00,00,00,36,a0,e6,20,00,41,4e,54,48,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* \Success and Motivation]
"Order"=hex:08,00,00,00,02,00,00,00,a0,01,00,00,01,00,00,00,03,00,00,00,80,00,
00,00,00,00,00,00,72,00,32,00,84,00,00,00,00,10,e0,65,20,00,42,55,53,49,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\C*o*m*p*u*t*e*r*s* *a*n*d* *T*e*c*h*n*o*l*o*g*y* \Forums]
"Order"=hex:08,00,00,00,02,00,00,00,84,0a,00,00,01,00,00,00,10,00,00,00,88,00,
00,00,00,00,00,00,7a,00,32,00,84,00,00,00,00,55,b9,10,20,00,41,46,54,45,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\C*o*m*p*u*t*e*r*s* *a*n*d* *T*e*c*h*n*o*l*o*g*y* \Media Guides]
"Order"=hex:08,00,00,00,02,00,00,00,50,08,00,00,01,00,00,00,0c,00,00,00,8e,00,
00,00,00,00,00,00,80,00,32,00,84,00,00,00,00,49,be,f8,20,00,41,47,55,49,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\C*o*m*p*u*t*e*r*s* *a*n*d* *T*e*c*h*n*o*l*o*g*y* \Proxy]
"Order"=hex:08,00,00,00,02,00,00,00,f0,09,00,00,01,00,00,00,0e,00,00,00,a2,00,
00,00,0d,00,00,00,94,00,32,00,84,00,00,00,00,62,01,d9,20,00,53,48,41,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\C*o*m*p*u*t*e*r*s* *a*n*d* *T*e*c*h*n*o*l*o*g*y* \Technical Support]
"Order"=hex:08,00,00,00,02,00,00,00,88,06,00,00,01,00,00,00,0a,00,00,00,80,00,
00,00,00,00,00,00,72,00,32,00,84,00,00,00,00,d0,25,01,20,00,45,58,50,45,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*i*n*a*n*c*i*a*l* *I*n*f*o* \Computers and Technology]
"Order"=hex:08,00,00,00,02,00,00,00,7a,14,00,00,01,00,00,00,1d,00,00,00,6c,00,
00,00,00,00,00,00,5e,00,31,00,00,00,00,00,00,b8,33,b2,10,00,4d,45,44,49,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*i*n*a*n*c*i*a*l* *I*n*f*o* \Computers and Technology\Media Guides]
"Order"=hex:08,00,00,00,02,00,00,00,c2,07,00,00,01,00,00,00,0b,00,00,00,b8,00,
00,00,00,00,00,00,aa,00,32,00,84,00,00,00,00,3f,67,9f,20,00,41,46,54,45,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*i*n*a*n*c*i*a*l* *I*n*f*o* \Computers and Technology\Proxy]
"Order"=hex:08,00,00,00,02,00,00,00,6c,09,00,00,01,00,00,00,0d,00,00,00,a6,00,
00,00,0c,00,00,00,98,00,32,00,84,00,00,00,00,f5,03,1a,20,00,53,48,41,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*i*n*a*n*c*i*a*l* *I*n*f*o* \Computers and Technology\Technical Support]
"Order"=hex:08,00,00,00,02,00,00,00,08,06,00,00,01,00,00,00,09,00,00,00,bc,00,
00,00,00,00,00,00,ae,00,32,00,84,00,00,00,00,22,83,aa,20,00,46,49,52,45,46,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*o*o*d* \Food Carryout]
"Order"=hex:08,00,00,00,02,00,00,00,56,14,00,00,01,00,00,00,21,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,84,00,00,00,00,b3,bf,9b,20,00,41,50,50,4c,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \AMWF (1542011)--4tabs]
"Order"=hex:08,00,00,00,02,00,00,00,64,02,00,00,01,00,00,00,04,00,00,00,ae,00,
00,00,01,00,00,00,a0,00,32,00,84,00,00,00,00,53,03,c0,20,00,41,53,49,41,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \AMWF 2 (1842011)--6tabs]
"Order"=hex:08,00,00,00,02,00,00,00,c0,03,00,00,01,00,00,00,06,00,00,00,96,00,
00,00,03,00,00,00,88,00,32,00,84,00,00,00,00,79,7d,14,20,00,41,42,4f,55,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \camping checklist (792011)--5tabs]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,00,02,e3,79,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \camping checklist (792011)--5tabs\window 2555]
"Order"=hex:08,00,00,00,02,00,00,00,14,03,00,00,01,00,00,00,05,00,00,00,82,00,
00,00,02,00,00,00,74,00,32,00,84,00,00,00,00,11,17,1f,20,00,43,41,4d,50,49,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \didlos (1112012)--7tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,41,ea,92,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \didlos (1112012)--7tabs\window 69]
"Order"=hex:08,00,00,00,02,00,00,00,ea,04,00,00,01,00,00,00,07,00,00,00,c8,00,
00,00,04,00,00,00,ba,00,32,00,84,00,00,00,00,23,4b,74,20,00,41,44,41,4d,26,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ebay thongs (1112012)--10tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,fe,fb,84,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ebay thongs (1112012)--10tabs\window 101]
"Order"=hex:08,00,00,00,02,00,00,00,40,07,00,00,01,00,00,00,0a,00,00,00,7c,00,
00,00,07,00,00,00,6e,00,32,00,84,00,00,00,00,66,be,fc,20,00,43,53,54,52,49,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ebay thongs shoppingfromeast (1112012)--2tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,be,2c,d3,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ebay thongs shoppingfromeast (1112012)--2tabs\window 122]
"Order"=hex:08,00,00,00,02,00,00,00,90,01,00,00,01,00,00,00,02,00,00,00,f8,00,
00,00,01,00,00,00,ea,00,32,00,84,00,00,00,00,9d,35,4f,20,00,53,45,58,59,4d,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Eye Stuff (2652011)--6tabs]
"Order"=hex:08,00,00,00,02,00,00,00,76,04,00,00,01,00,00,00,06,00,00,00,da,00,
00,00,04,00,00,00,cc,00,32,00,84,00,00,00,00,0b,5d,f4,20,00,42,4c,55,45,43,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1182011)--14tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,5e,cc,f4,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1182011)--14tabs\window 77]
"Order"=hex:08,00,00,00,02,00,00,00,12,0b,00,00,01,00,00,00,0e,00,00,00,de,00,
00,00,07,00,00,00,d0,00,32,00,84,00,00,00,00,76,56,c7,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1282011)--12tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,8d,64,d0,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1282011)--12tabs\window 77]
"Order"=hex:08,00,00,00,02,00,00,00,6a,09,00,00,01,00,00,00,0c,00,00,00,90,00,
00,00,07,00,00,00,82,00,32,00,84,00,00,00,00,5d,24,91,20,00,42,45,53,54,48,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1382011)--12tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,78,d8,27,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1382011)--12tabs\window 107]
"Order"=hex:08,00,00,00,02,00,00,00,f6,08,00,00,01,00,00,00,0b,00,00,00,d4,00,
00,00,08,00,00,00,c6,00,32,00,84,00,00,00,00,99,5b,0e,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \h*a*r*n*e*s*s* *(*1*3*8*2*0*1*1*)*-*-*1*2*t*a*b*s* \window 107]
"Order"=hex:08,00,00,00,02,00,00,00,a8,01,00,00,01,00,00,00,02,00,00,00,da,00,
00,00,01,00,00,00,cc,00,32,00,84,00,00,00,00,e2,91,71,20,00,44,4f,55,42,4c,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1582011)--10tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,d3,f3,4d,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1582011)--10tabs\window 442]
"Order"=hex:08,00,00,00,02,00,00,00,a2,07,00,00,01,00,00,00,0a,00,00,00,e0,00,
00,00,00,00,00,00,d2,00,32,00,84,00,00,00,00,2e,16,49,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1582011)--13tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,88,5a,ed,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \harness (1582011)--13tabs\window 44]
"Order"=hex:08,00,00,00,02,00,00,00,cc,0a,00,00,01,00,00,00,0d,00,00,00,e0,00,
00,00,02,00,00,00,d2,00,32,00,84,00,00,00,00,36,22,53,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \ice maker (1942011)--11tabs]
"Order"=hex:08,00,00,00,02,00,00,00,4a,07,00,00,01,00,00,00,0b,00,00,00,78,00,
00,00,06,00,00,00,6a,00,32,00,84,00,00,00,00,db,1d,db,20,00,41,44,53,45,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (1312012)--9tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,c1,15,ba,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (1312012)--9tabs\window 16]
"Order"=hex:08,00,00,00,02,00,00,00,02,06,00,00,01,00,00,00,09,00,00,00,de,00,
00,00,04,00,00,00,d0,00,32,00,84,00,00,00,00,58,c7,ea,20,00,42,45,54,54,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (2972011)--5tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,72,4d,02,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (2972011)--5tabs\window 107]
"Order"=hex:08,00,00,00,02,00,00,00,5c,04,00,00,01,00,00,00,05,00,00,00,e6,00,
00,00,00,00,00,00,d8,00,32,00,84,00,00,00,00,67,fb,24,20,00,4d,41,53,53,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (572011)--15tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,9f,ed,05,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (572011)--15tabs\window 52]
"Order"=hex:08,00,00,00,02,00,00,00,62,0b,00,00,01,00,00,00,0f,00,00,00,e6,00,
00,00,06,00,00,00,d8,00,32,00,84,00,00,00,00,67,b2,65,20,00,36,32,37,32,30,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (982011)--11tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,ce,68,8a,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \latest (982011)--11tabs\window 26]
"Order"=hex:08,00,00,00,02,00,00,00,ea,08,00,00,01,00,00,00,0b,00,00,00,d4,00,
00,00,04,00,00,00,c6,00,32,00,84,00,00,00,00,95,67,83,20,00,42,49,4f,52,55,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pbay porn (3152011)--7tabs]
"Order"=hex:08,00,00,00,02,00,00,00,34,06,00,00,01,00,00,00,07,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,12,04,bd,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pinned for ipad (572011)--5tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,8f,b5,83,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pinned for ipad (572011)--5tabs\window 53]
"Order"=hex:08,00,00,00,02,00,00,00,4c,03,00,00,01,00,00,00,05,00,00,00,c8,00,
00,00,02,00,00,00,ba,00,32,00,84,00,00,00,00,ee,fb,ab,20,00,42,49,4f,52,55,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Pinned Tabs (1542011)--7tabs]
"Order"=hex:08,00,00,00,02,00,00,00,ea,04,00,00,01,00,00,00,07,00,00,00,d2,00,
00,00,06,00,00,00,c4,00,32,00,84,00,00,00,00,61,d0,89,20,00,42,55,53,49,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pinned tabs (2842011)--13tabs]
"Order"=hex:08,00,00,00,02,00,00,00,da,09,00,00,01,00,00,00,0d,00,00,00,9e,00,
00,00,05,00,00,00,90,00,32,00,84,00,00,00,00,20,d4,31,20,00,43,4f,4f,4c,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \pirate bay xxx (1552011)--4tabs]
"Order"=hex:08,00,00,00,02,00,00,00,ba,03,00,00,01,00,00,00,04,00,00,00,f8,00,
00,00,01,00,00,00,ea,00,32,00,84,00,00,00,00,3c,a1,9c,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Plump (2962011)--25tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,d5,83,9c,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Plump (2962011)--25tabs\window 105]
"Order"=hex:08,00,00,00,02,00,00,00,54,0f,00,00,01,00,00,00,19,00,00,00,7e,00,
00,00,05,00,00,00,70,00,32,00,84,00,00,00,00,6c,0a,e4,20,00,42,42,57,49,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (1192011)--13tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,ef,e3,42,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (1192011)--13tabs\window 85]
"Order"=hex:08,00,00,00,02,00,00,00,f8,0a,00,00,01,00,00,00,0d,00,00,00,de,00,
00,00,00,00,00,00,d0,00,32,00,84,00,00,00,00,c1,02,ee,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (2392011)--15tabs]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,00,4b,d5,09,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (2392011)--15tabs\window 1094]
"Order"=hex:08,00,00,00,02,00,00,00,74,0d,00,00,01,00,00,00,0f,00,00,00,f8,00,
00,00,06,00,00,00,ea,00,32,00,84,00,00,00,00,18,fa,ed,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (2492011)--26tabs]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,00,86,9f,1f,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \porn (2492011)--26tabs\window 1626]
"Order"=hex:08,00,00,00,02,00,00,00,94,15,00,00,01,00,00,00,1a,00,00,00,d4,00,
00,00,11,00,00,00,c6,00,32,00,84,00,00,00,00,ae,63,90,20,00,5f,37,32,30,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Restore session on 1092011 (1092011)--17tabs]
"Order"=hex:08,00,00,00,02,00,00,00,72,00,00,00,01,00,00,00,01,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,b6,2b,2e,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Restore session on 1092011 (1092011)--17tabs\window 59]
"Order"=hex:08,00,00,00,02,00,00,00,f4,0c,00,00,01,00,00,00,11,00,00,00,e6,00,
00,00,0b,00,00,00,d8,00,32,00,84,00,00,00,00,b5,43,42,20,00,36,54,4f,31,30,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Rooting Phone (7102011)--4tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,b2,d3,71,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \Rooting Phone (7102011)--4tabs\window 137]
"Order"=hex:08,00,00,00,02,00,00,00,84,03,00,00,01,00,00,00,04,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,79,2a,44,20,00,5f,47,55,49,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \STVI (2062011)--7tabs]
"Order"=hex:08,00,00,00,02,00,00,00,74,00,00,00,01,00,00,00,01,00,00,00,68,00,
00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,94,fc,b1,10,00,57,49,4e,44,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*e*s*h*S*t*a*r*t* *S*e*s*s*i*o*n*s* \STVI (2062011)--7tabs\window 276]
"Order"=hex:08,00,00,00,02,00,00,00,62,05,00,00,01,00,00,00,07,00,00,00,c2,00,
00,00,02,00,00,00,b4,00,32,00,84,00,00,00,00,2b,b7,b1,20,00,42,4f,41,52,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\G*a*m*i*n*g* \Singularity]
"Order"=hex:08,00,00,00,02,00,00,00,ba,01,00,00,01,00,00,00,02,00,00,00,ce,00,
00,00,00,00,00,00,c0,00,32,00,84,00,00,00,00,18,78,46,20,00,50,52,4f,54,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*n*t*e*r*n*e*t* *M*a*r*k*e*t*i*n*g* \Forums]
"Order"=hex:08,00,00,00,02,00,00,00,3a,02,00,00,01,00,00,00,03,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,ac,ec,cd,20,00,42,4c,41,43,4b,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*n*t*e*r*n*e*t* *M*a*r*k*e*t*i*n*g* \Generators]
"Order"=hex:08,00,00,00,02,00,00,00,5e,07,00,00,01,00,00,00,0c,00,00,00,aa,00,
00,00,00,00,00,00,9c,00,32,00,84,00,00,00,00,8c,aa,96,20,00,42,45,48,49,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*n*t*e*r*n*e*t* *M*a*r*k*e*t*i*n*g* \My Web Sites]
"Order"=hex:08,00,00,00,02,00,00,00,a8,01,00,00,01,00,00,00,03,00,00,00,96,00,
00,00,00,00,00,00,88,00,32,00,84,00,00,00,00,bd,5d,3b,20,00,46,41,53,54,48,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*n*t*e*r*n*e*t* *M*a*r*k*e*t*i*n*g* \Spam]
"Order"=hex:08,00,00,00,02,00,00,00,66,01,00,00,01,00,00,00,02,00,00,00,9a,00,
00,00,00,00,00,00,8c,00,32,00,84,00,00,00,00,21,69,44,20,00,47,45,54,54,49,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Apartment Rentals]
"Order"=hex:08,00,00,00,02,00,00,00,9e,03,00,00,01,00,00,00,05,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,84,00,00,00,00,c7,e7,d8,20,00,43,4f,4c,55,4d,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Business App Pages]
"Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,8e,00,
00,00,01,00,00,00,80,00,32,00,84,00,00,00,00,00,3b,56,20,00,53,4b,59,44,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Continuing Education]
"Order"=hex:08,00,00,00,02,00,00,00,e8,01,00,00,01,00,00,00,02,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,fe,f1,cd,20,00,4f,48,49,4f,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Marketing]
"Order"=hex:08,00,00,00,02,00,00,00,e2,10,00,00,01,00,00,00,1b,00,00,00,82,00,
00,00,00,00,00,00,74,00,32,00,84,00,00,00,00,30,11,ae,20,00,31,26,31,43,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Real Estate]
"Order"=hex:08,00,00,00,02,00,00,00,22,0f,00,00,01,00,00,00,1a,00,00,00,6a,00,
00,00,08,00,00,00,5c,00,31,00,00,00,00,00,00,c0,97,7a,10,00,45,58,49,54,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Real Estate\Exit Realty]
"Order"=hex:08,00,00,00,02,00,00,00,2a,0d,00,00,01,00,00,00,15,00,00,00,68,00,
00,00,10,00,00,00,5a,00,31,00,00,00,00,00,00,75,53,49,10,00,55,54,49,4c,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Real Estate\Exit Realty\Utiltities]
"Order"=hex:08,00,00,00,02,00,00,00,96,00,00,00,01,00,00,00,01,00,00,00,8a,00,
00,00,00,00,00,00,7c,00,32,00,84,00,00,00,00,9f,e9,9a,20,00,41,45,50,4f,48,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Real Estate\Hard Money Loans]
"Order"=hex:08,00,00,00,02,00,00,00,a6,03,00,00,01,00,00,00,05,00,00,00,c2,00,
00,00,00,00,00,00,b4,00,32,00,84,00,00,00,00,03,4a,b5,20,00,42,52,4f,4f,4b,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Real Estate\Investing]
"Order"=hex:08,00,00,00,02,00,00,00,d6,04,00,00,01,00,00,00,07,00,00,00,a8,00,
00,00,00,00,00,00,9a,00,32,00,84,00,00,00,00,41,85,f6,20,00,48,41,52,44,4d,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Real Estate\Marketing Sites]
"Order"=hex:08,00,00,00,02,00,00,00,e8,08,00,00,01,00,00,00,0b,00,00,00,9a,00,
00,00,00,00,00,00,8c,00,32,00,84,00,00,00,00,f0,cb,4d,20,00,41,4c,45,58,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Real Estate\Printers and Sign]
"Order"=hex:08,00,00,00,02,00,00,00,66,0a,00,00,01,00,00,00,11,00,00,00,b6,00,
00,00,00,00,00,00,a8,00,32,00,84,00,00,00,00,61,e9,e5,20,00,34,42,55,4d,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*o*v*e* *D*o*w*n*t*o*w*n* \Sites to link to]
"Order"=hex:08,00,00,00,02,00,00,00,04,01,00,00,01,00,00,00,01,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,0a,4d,2d,20,00,43,4f,4c,55,4d,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*y* *S*t*u*f*f* \Fishing]
"Order"=hex:08,00,00,00,02,00,00,00,32,07,00,00,01,00,00,00,0b,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,5e,02,93,20,00,41,52,45,57,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*y* *S*t*u*f*f* \Galaxy S2]
"Order"=hex:08,00,00,00,02,00,00,00,ea,0a,00,00,01,00,00,00,0e,00,00,00,f8,00,
00,00,0c,00,00,00,ea,00,32,00,84,00,00,00,00,17,ec,9f,20,00,5f,41,43,53,5f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*y* *S*t*u*f*f* \Guitar Tabs]
"Order"=hex:08,00,00,00,02,00,00,00,4c,04,00,00,01,00,00,00,06,00,00,00,b6,00,
00,00,00,00,00,00,a8,00,32,00,84,00,00,00,00,86,4b,dc,20,00,39,31,31,54,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*y* *S*t*u*f*f* \Local]
"Order"=hex:08,00,00,00,02,00,00,00,78,01,00,00,01,00,00,00,03,00,00,00,7c,00,
00,00,00,00,00,00,6e,00,32,00,84,00,00,00,00,59,ba,6f,20,00,43,4f,4c,55,4d,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*y* *S*t*u*f*f* \Rhymes]
"Order"=hex:08,00,00,00,02,00,00,00,d8,01,00,00,01,00,00,00,03,00,00,00,9c,00,
00,00,00,00,00,00,8e,00,32,00,84,00,00,00,00,55,aa,4a,20,00,46,52,45,45,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*y* *S*t*u*f*f* \Travel]
"Order"=hex:08,00,00,00,02,00,00,00,a2,03,00,00,01,00,00,00,05,00,00,00,82,00,
00,00,00,00,00,00,74,00,32,00,84,00,00,00,00,2d,13,e1,20,00,41,4d,45,52,49,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*e*r*t*o*P*e*e*r* \AD]
"Order"=hex:08,00,00,00,02,00,00,00,e0,09,00,00,01,00,00,00,10,00,00,00,78,00,
00,00,0e,00,00,00,6a,00,32,00,84,00,00,00,00,d0,ef,36,20,00,41,44,55,4c,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*e*r*t*o*P*e*e*r* \Apple Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,f6,01,00,00,01,00,00,00,03,00,00,00,80,00,
00,00,00,00,00,00,72,00,32,00,84,00,00,00,00,de,14,0f,20,00,41,50,50,54,52,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*e*r*t*o*P*e*e*r* \Exclusive]
"Order"=hex:08,00,00,00,02,00,00,00,12,0f,00,00,01,00,00,00,1c,00,00,00,78,00,
00,00,00,00,00,00,6a,00,32,00,84,00,00,00,00,38,13,8d,20,00,41,43,45,54,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*e*r*t*o*P*e*e*r* \Exclusive Not Signed Up]
"Order"=hex:08,00,00,00,02,00,00,00,8a,05,00,00,01,00,00,00,0b,00,00,00,70,00,
00,00,00,00,00,00,62,00,32,00,84,00,00,00,00,07,2f,f3,20,00,62,69,74,47,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*e*r*t*o*P*e*e*r* \Forums]
"Order"=hex:08,00,00,00,02,00,00,00,20,04,00,00,01,00,00,00,06,00,00,00,a4,00,
00,00,00,00,00,00,96,00,32,00,84,00,00,00,00,7a,c7,cd,20,00,46,49,4c,45,4e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*e*r*t*o*P*e*e*r* \Meta Search Engines]
"Order"=hex:08,00,00,00,02,00,00,00,f2,02,00,00,01,00,00,00,05,00,00,00,bc,00,
00,00,00,00,00,00,ae,00,32,00,84,00,00,00,00,d0,1b,55,20,00,4c,4f,4f,4b,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*e*r*t*o*P*e*e*r* \Security and Apps]
"Order"=hex:08,00,00,00,02,00,00,00,4a,02,00,00,01,00,00,00,04,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,84,00,00,00,00,fe,6c,8a,20,00,42,49,53,53,46,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Christmas Gifts]
"Order"=hex:08,00,00,00,02,00,00,00,88,01,00,00,01,00,00,00,02,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,c7,c6,f1,20,00,50,4f,47,4f,50,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Comparison Shopping and Deals]
"Order"=hex:08,00,00,00,02,00,00,00,2a,09,00,00,01,00,00,00,0d,00,00,00,6c,00,
00,00,00,00,00,00,5e,00,32,00,84,00,00,00,00,cd,fe,e8,20,00,42,69,7a,72,61,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Department Stores]
"Order"=hex:08,00,00,00,02,00,00,00,a6,01,00,00,01,00,00,00,03,00,00,00,72,00,
00,00,00,00,00,00,64,00,32,00,84,00,00,00,00,8e,3e,37,20,00,4b,4d,41,52,54,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Electronics, Computers & Accessories]
"Order"=hex:08,00,00,00,02,00,00,00,2a,0c,00,00,01,00,00,00,12,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,59,1f,28,20,00,41,42,54,2d,43,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Grocery & Pharmacy & Gas]
"Order"=hex:08,00,00,00,02,00,00,00,24,04,00,00,01,00,00,00,07,00,00,00,7e,00,
00,00,06,00,00,00,70,00,31,00,00,00,00,00,00,38,9a,2a,10,00,57,45,45,4b,4c,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Grocery & Pharmacy & Gas\Weekly Shopping Lists]
"Order"=hex:08,00,00,00,02,00,00,00,f8,01,00,00,01,00,00,00,03,00,00,00,6a,00,
00,00,01,00,00,00,5c,00,32,00,84,00,00,00,00,3d,1b,5f,20,00,4b,72,6f,67,65,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Office Supplies]
"Order"=hex:08,00,00,00,02,00,00,00,98,04,00,00,01,00,00,00,06,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,ef,bf,5e,20,00,42,41,4c,53,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \sex supplements]
"Order"=hex:08,00,00,00,02,00,00,00,38,03,00,00,01,00,00,00,05,00,00,00,68,00,
00,00,03,00,00,00,5a,00,31,00,00,00,00,00,00,e7,3b,73,10,00,4e,45,57,46,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \sex supplements\New folder]
"Order"=hex:08,00,00,00,02,00,00,00,b6,0c,00,00,01,00,00,00,11,00,00,00,cc,00,
00,00,00,00,00,00,be,00,32,00,84,00,00,00,00,2d,bb,d3,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \sit stand desks, and laptop mounts]
"Order"=hex:08,00,00,00,02,00,00,00,82,09,00,00,01,00,00,00,0c,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,53,5d,08,20,00,41,4d,41,5a,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements]
"Order"=hex:08,00,00,00,02,00,00,00,86,0a,00,00,01,00,00,00,10,00,00,00,76,00,
00,00,06,00,00,00,68,00,31,00,00,00,00,00,00,05,99,7e,10,00,42,53,4e,53,48,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements\BSN Shopping tabs]
"Order"=hex:08,00,00,00,02,00,00,00,7a,00,00,00,01,00,00,00,01,00,00,00,6e,00,
00,00,00,00,00,00,60,00,31,00,00,00,00,00,00,7b,a9,91,10,00,5f,46,4f,4c,44,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Supplements\BSN Shopping tabs\[Folder Name]]
"Order"=hex:08,00,00,00,02,00,00,00,a0,08,00,00,01,00,00,00,0b,00,00,00,60,00,
00,00,0a,00,00,00,52,00,32,00,84,00,00,00,00,cb,53,1b,20,00,35,34,32,30,7e,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Travel]
"Order"=hex:08,00,00,00,02,00,00,00,c2,01,00,00,01,00,00,00,02,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,9e,f8,f5,20,00,41,49,52,46,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*h*o*p*p*i*n*g* \Under Armour]
"Order"=hex:08,00,00,00,02,00,00,00,5c,08,00,00,01,00,00,00,0b,00,00,00,f8,00,
00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,29,fc,6d,20,00,42,55,59,4d,45,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Dating Sites]
"Order"=hex:08,00,00,00,02,00,00,00,98,08,00,00,01,00,00,00,0d,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,c6,22,66,20,00,41,52,45,59,4f,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Misc Socializing]
"Order"=hex:08,00,00,00,02,00,00,00,44,02,00,00,01,00,00,00,04,00,00,00,be,00,
00,00,00,00,00,00,b0,00,32,00,84,00,00,00,00,a9,a7,aa,20,00,4d,59,53,50,41,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*o*c*i*a*l*i*z*i*n*g* \Sed]
"Order"=hex:08,00,00,00,02,00,00,00,16,05,00,00,01,00,00,00,06,00,00,00,cc,00,
00,00,00,00,00,00,be,00,32,00,84,00,00,00,00,50,be,42,20,00,41,43,4d,45,4c,\
.
[HKEY_USERS\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*p*o*r*t*s* \Volleyball]
"Order"=hex:08,00,00,00,02,00,00,00,0e,07,00,00,01,00,00,00,09,00,00,00,ce,00,
00,00,00,00,00,00,c0,00,32,00,84,00,00,00,00,01,db,98,20,00,41,4c,4c,41,42,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-01-16 19:03:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 00:03
.
Pre-Run: 83,421,265,920 bytes free
Post-Run: 82,958,397,440 bytes free
.
- - End Of File - - 31E5C48BA41E3BBA5B16B08B1A1039C2


19:26:55.0320 2284 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
19:26:57.0323 2284 ============================================================
19:26:57.0323 2284 Current date / time: 2012/01/16 19:26:57.0323
19:26:57.0323 2284 SystemInfo:
19:26:57.0323 2284
19:26:57.0323 2284 OS Version: 6.1.7601 ServicePack: 1.0
19:26:57.0323 2284 Product type: Workstation
19:26:57.0323 2284 ComputerName: ERIC-LAPTOP
19:26:57.0323 2284 UserName: Eric
19:26:57.0323 2284 Windows directory: C:\Windows
19:26:57.0323 2284 System windows directory: C:\Windows
19:26:57.0324 2284 Running under WOW64
19:26:57.0324 2284 Processor architecture: Intel x64
19:26:57.0324 2284 Number of processors: 2
19:26:57.0324 2284 Page size: 0x1000
19:26:57.0324 2284 Boot type: Normal boot
19:26:57.0324 2284 ============================================================
19:26:59.0676 2284 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
19:26:59.0817 2284 Initialize success
19:28:25.0826 4844 ============================================================
19:28:25.0826 4844 Scan started
19:28:25.0826 4844 Mode: Manual; SigCheck; TDLFS;
19:28:25.0826 4844 ============================================================
19:28:28.0431 4844 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:28:28.0665 4844 1394ohci - ok
19:28:28.0852 4844 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:28:28.0883 4844 ACPI - ok
19:28:29.0055 4844 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:28:29.0148 4844 AcpiPmi - ok
19:28:29.0367 4844 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:28:29.0398 4844 adp94xx - ok
19:28:29.0585 4844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:28:29.0648 4844 adpahci - ok
19:28:29.0804 4844 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:28:29.0850 4844 adpu320 - ok
19:28:30.0038 4844 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:28:30.0131 4844 AFD - ok
19:28:30.0334 4844 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
19:28:30.0428 4844 AgereSoftModem - ok
19:28:30.0599 4844 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:28:30.0630 4844 agp440 - ok
19:28:30.0786 4844 AirDisplay (45a5228c6fa82380ccb20a9d9a5be6f0) C:\Windows\system32\DRIVERS\AVVideoCard.sys
19:28:30.0911 4844 AirDisplay - ok
19:28:31.0052 4844 AirDisplayMirror (b889a6a38d0bcb44caabeb6234700fc9) C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys
19:28:31.0083 4844 AirDisplayMirror - ok
19:28:31.0270 4844 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:28:31.0301 4844 aliide - ok
19:28:31.0457 4844 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:28:31.0488 4844 amdide - ok
19:28:31.0660 4844 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:28:31.0722 4844 AmdK8 - ok
19:28:31.0863 4844 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:28:31.0910 4844 AmdPPM - ok
19:28:32.0081 4844 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:28:32.0112 4844 amdsata - ok
19:28:32.0268 4844 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:28:32.0300 4844 amdsbs - ok
19:28:32.0471 4844 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:28:32.0502 4844 amdxata - ok
19:28:32.0690 4844 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:28:32.0877 4844 AppID - ok
19:28:33.0080 4844 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:28:33.0111 4844 arc - ok
19:28:33.0314 4844 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:28:33.0345 4844 arcsas - ok
19:28:33.0501 4844 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:28:33.0704 4844 AsyncMac - ok
19:28:33.0844 4844 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:28:33.0875 4844 atapi - ok
19:28:34.0156 4844 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
19:28:34.0421 4844 atikmdag - ok
19:28:34.0608 4844 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:28:34.0718 4844 b06bdrv - ok
19:28:34.0889 4844 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:28:34.0936 4844 b57nd60a - ok
19:28:35.0108 4844 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:28:35.0186 4844 Beep - ok
19:28:35.0466 4844 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
19:28:35.0513 4844 BHDrvx64 - ok
19:28:35.0669 4844 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:28:35.0732 4844 blbdrive - ok
19:28:35.0903 4844 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:28:35.0981 4844 bowser - ok
19:28:36.0153 4844 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:28:36.0262 4844 BrFiltLo - ok
19:28:36.0402 4844 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:28:36.0449 4844 BrFiltUp - ok
19:28:36.0652 4844 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:28:36.0730 4844 BridgeMP - ok
19:28:36.0886 4844 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:28:36.0948 4844 Brserid - ok
19:28:37.0089 4844 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:28:37.0136 4844 BrSerWdm - ok
19:28:37.0292 4844 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:28:37.0354 4844 BrUsbMdm - ok
19:28:37.0494 4844 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:28:37.0541 4844 BrUsbSer - ok
19:28:37.0713 4844 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:28:37.0791 4844 BTHMODEM - ok
19:28:37.0869 4844 catchme - ok
19:28:38.0025 4844 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:28:38.0118 4844 cdfs - ok
19:28:38.0274 4844 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:28:38.0352 4844 cdrom - ok
19:28:38.0524 4844 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:28:38.0602 4844 circlass - ok
19:28:38.0727 4844 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:28:38.0758 4844 CLFS - ok
19:28:38.0945 4844 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:28:38.0992 4844 CmBatt - ok
19:28:39.0132 4844 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:28:39.0195 4844 cmdide - ok
19:28:39.0351 4844 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
19:28:39.0413 4844 CNG - ok
19:28:39.0569 4844 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:28:39.0600 4844 Compbatt - ok
19:28:39.0788 4844 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:28:39.0866 4844 CompositeBus - ok
19:28:40.0053 4844 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:28:40.0084 4844 crcdisk - ok
19:28:40.0271 4844 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:28:40.0365 4844 DfsC - ok
19:28:40.0536 4844 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
19:28:40.0552 4844 dg_ssudbus - ok
19:28:40.0724 4844 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:28:40.0802 4844 discache - ok
19:28:40.0958 4844 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:28:40.0989 4844 Disk - ok
19:28:41.0176 4844 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:28:41.0238 4844 drmkaud - ok
19:28:41.0410 4844 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:28:41.0504 4844 DXGKrnl - ok
19:28:41.0738 4844 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:28:41.0894 4844 ebdrv - ok
19:28:42.0034 4844 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:28:42.0065 4844 eeCtrl - ok
19:28:42.0237 4844 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:28:42.0284 4844 elxstor - ok
19:28:42.0408 4844 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:28:42.0440 4844 EraserUtilRebootDrv - ok
19:28:42.0580 4844 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:28:42.0627 4844 ErrDev - ok
19:28:42.0767 4844 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:28:42.0845 4844 exfat - ok
19:28:42.0986 4844 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:28:43.0095 4844 fastfat - ok
19:28:43.0235 4844 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:28:43.0298 4844 fdc - ok
19:28:43.0469 4844 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:28:43.0500 4844 FileInfo - ok
19:28:43.0641 4844 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:28:43.0719 4844 Filetrace - ok
19:28:43.0890 4844 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:28:43.0922 4844 flpydisk - ok
19:28:44.0062 4844 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:28:44.0078 4844 FltMgr - ok
19:28:44.0234 4844 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:28:44.0265 4844 FsDepends - ok
19:28:44.0405 4844 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:28:44.0436 4844 Fs_Rec - ok
19:28:44.0608 4844 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:28:44.0655 4844 fvevol - ok
19:28:44.0826 4844 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
19:28:44.0904 4844 FwLnk - ok
19:28:45.0045 4844 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:28:45.0076 4844 gagp30kx - ok
19:28:45.0216 4844 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:28:45.0232 4844 GEARAspiWDM - ok
19:28:45.0450 4844 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:28:45.0528 4844 hcw85cir - ok
19:28:46.0028 4844 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:28:46.0074 4844 HdAudAddService - ok
19:28:46.0262 4844 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:28:46.0340 4844 HDAudBus - ok
19:28:46.0480 4844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:28:46.0542 4844 HidBatt - ok
19:28:46.0667 4844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:28:46.0730 4844 HidBth - ok
19:28:46.0870 4844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:28:46.0932 4844 HidIr - ok
19:28:47.0135 4844 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:28:47.0198 4844 HidUsb - ok
19:28:47.0354 4844 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:28:47.0369 4844 HpSAMD - ok
19:28:47.0603 4844 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:28:47.0681 4844 HTTP - ok
19:28:47.0822 4844 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:28:47.0853 4844 hwpolicy - ok
19:28:48.0024 4844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:28:48.0056 4844 i8042prt - ok
19:28:48.0243 4844 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:28:48.0274 4844 iaStorV - ok
19:28:48.0524 4844 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120113.002\IDSvia64.sys
19:28:48.0570 4844 IDSVia64 - ok
19:28:48.0711 4844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:28:48.0742 4844 iirsp - ok
19:28:48.0882 4844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:28:48.0898 4844 intelide - ok
19:28:49.0070 4844 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:28:49.0116 4844 intelppm - ok
19:28:49.0257 4844 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:28:49.0350 4844 IpFilterDriver - ok
19:28:49.0491 4844 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:28:49.0538 4844 IPMIDRV - ok
19:28:49.0678 4844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:28:49.0756 4844 IPNAT - ok
19:28:49.0959 4844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:28:50.0052 4844 IRENUM - ok
19:28:50.0193 4844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:28:50.0224 4844 isapnp - ok
19:28:50.0380 4844 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:28:50.0427 4844 iScsiPrt - ok
19:28:50.0598 4844 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:28:50.0630 4844 kbdclass - ok
19:28:50.0801 4844 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:28:50.0864 4844 kbdhid - ok
19:28:51.0035 4844 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
19:28:51.0082 4844 KSecDD - ok
19:28:51.0207 4844 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
19:28:51.0238 4844 KSecPkg - ok
19:28:51.0394 4844 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:28:51.0488 4844 ksthunk - ok
19:28:51.0675 4844 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:28:51.0768 4844 lltdio - ok
19:28:51.0987 4844 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:28:52.0018 4844 LSI_FC - ok
19:28:52.0205 4844 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:28:52.0236 4844 LSI_SAS - ok
19:28:52.0408 4844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:28:52.0439 4844 LSI_SAS2 - ok
19:28:52.0595 4844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:28:52.0642 4844 LSI_SCSI - ok
19:28:52.0798 4844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:28:52.0923 4844 luafv - ok
19:28:53.0079 4844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:28:53.0110 4844 megasas - ok
19:28:53.0266 4844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:28:53.0297 4844 MegaSR - ok
19:28:53.0438 4844 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:28:53.0516 4844 Modem - ok
19:28:53.0672 4844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:28:53.0718 4844 monitor - ok
19:28:53.0874 4844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:28:53.0906 4844 mouclass - ok
19:28:54.0093 4844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:28:54.0140 4844 mouhid - ok
19:28:54.0296 4844 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:28:54.0327 4844 mountmgr - ok
19:28:54.0467 4844 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:28:54.0514 4844 mpio - ok
19:28:54.0654 4844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:28:54.0764 4844 mpsdrv - ok
19:28:54.0920 4844 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:28:55.0044 4844 MRxDAV - ok
19:28:55.0185 4844 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:28:55.0263 4844 mrxsmb - ok
19:28:55.0434 4844 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:28:55.0512 4844 mrxsmb10 - ok
19:28:55.0668 4844 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:28:55.0700 4844 mrxsmb20 - ok
19:28:55.0824 4844 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:28:55.0856 4844 msahci - ok
19:28:55.0996 4844 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:28:56.0027 4844 msdsm - ok
19:28:56.0168 4844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:28:56.0214 4844 Msfs - ok
19:28:56.0386 4844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:28:56.0480 4844 mshidkmdf - ok
19:28:56.0620 4844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:28:56.0636 4844 msisadrv - ok
19:28:56.0823 4844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:28:56.0885 4844 MSKSSRV - ok
19:28:57.0057 4844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:28:57.0166 4844 MSPCLOCK - ok
19:28:57.0322 4844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:28:57.0431 4844 MSPQM - ok
19:28:57.0572 4844 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:28:57.0603 4844 MsRPC - ok
19:28:57.0759 4844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:28:57.0774 4844 mssmbios - ok
19:28:57.0977 4844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:28:58.0055 4844 MSTEE - ok
19:28:58.0211 4844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:28:58.0274 4844 MTConfig - ok
19:28:58.0445 4844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:28:58.0476 4844 Mup - ok
19:28:58.0664 4844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:28:58.0742 4844 NativeWifiP - ok
19:28:58.0960 4844 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\ENG64.SYS
19:28:58.0976 4844 NAVENG - ok
19:28:59.0225 4844 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\EX64.SYS
19:28:59.0272 4844 NAVEX15 - ok
19:28:59.0506 4844 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:28:59.0553 4844 NDIS - ok
19:28:59.0724 4844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:28:59.0802 4844 NdisCap - ok
19:28:59.0958 4844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:00.0052 4844 NdisTapi - ok
19:29:00.0208 4844 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:00.0270 4844 Ndisuio - ok
19:29:00.0411 4844 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:00.0489 4844 NdisWan - ok
19:29:00.0629 4844 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:29:00.0723 4844 NDProxy - ok
19:29:00.0894 4844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:29:01.0004 4844 NetBIOS - ok
19:29:01.0144 4844 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:29:01.0238 4844 NetBT - ok
19:29:01.0612 4844 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
19:29:01.0877 4844 NETw5s64 - ok
19:29:02.0189 4844 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
19:29:02.0408 4844 netw5v64 - ok
19:29:02.0564 4844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:29:02.0595 4844 nfrd960 - ok
19:29:02.0766 4844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:29:02.0829 4844 Npfs - ok
19:29:02.0985 4844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:29:03.0078 4844 nsiproxy - ok
19:29:03.0266 4844 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:29:03.0328 4844 Ntfs - ok
19:29:03.0468 4844 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:29:03.0531 4844 Null - ok
19:29:03.0687 4844 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:29:03.0718 4844 nvraid - ok
19:29:03.0858 4844 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:29:03.0890 4844 nvstor - ok
19:29:04.0046 4844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:29:04.0077 4844 nv_agp - ok
19:29:04.0233 4844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:29:04.0280 4844 ohci1394 - ok
19:29:04.0451 4844 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:29:04.0498 4844 Parport - ok
19:29:04.0638 4844 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:29:04.0670 4844 partmgr - ok
19:29:04.0810 4844 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:29:04.0826 4844 pci - ok
19:29:04.0982 4844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:29:05.0013 4844 pciide - ok
19:29:05.0153 4844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:29:05.0184 4844 pcmcia - ok
19:29:05.0325 4844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:29:05.0356 4844 pcw - ok
19:29:05.0512 4844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:29:05.0590 4844 PEAUTH - ok
19:29:05.0793 4844 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
19:29:05.0808 4844 Point64 - ok
19:29:05.0996 4844 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:29:06.0074 4844 PptpMiniport - ok
19:29:06.0214 4844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:29:06.0261 4844 Processor - ok
19:29:06.0448 4844 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:29:06.0526 4844 Psched - ok
19:29:06.0744 4844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:29:06.0822 4844 ql2300 - ok
19:29:06.0963 4844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:29:06.0994 4844 ql40xx - ok
19:29:07.0150 4844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:29:07.0228 4844 QWAVEdrv - ok
19:29:07.0368 4844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:29:07.0431 4844 RasAcd - ok
19:29:07.0602 4844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:29:07.0696 4844 RasAgileVpn - ok
19:29:07.0868 4844 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:29:07.0961 4844 Rasl2tp - ok
19:29:08.0133 4844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:29:08.0195 4844 RasPppoe - ok
19:29:08.0367 4844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:29:08.0445 4844 RasSstp - ok
19:29:08.0601 4844 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:29:08.0663 4844 rdbss - ok
19:29:08.0819 4844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:29:08.0882 4844 rdpbus - ok
19:29:09.0022 4844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:29:09.0100 4844 RDPCDD - ok
19:29:09.0272 4844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:29:09.0350 4844 RDPENCDD - ok
19:29:09.0506 4844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:29:09.0552 4844 RDPREFMP - ok
19:29:09.0708 4844 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:29:09.0755 4844 RDPWD - ok
19:29:09.0927 4844 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:29:09.0974 4844 rdyboost - ok
19:29:10.0192 4844 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
19:29:10.0208 4844 Revoflt - ok
19:29:10.0410 4844 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
19:29:10.0488 4844 rimspci - ok
19:29:10.0660 4844 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
19:29:10.0722 4844 rixdpcie - ok
19:29:10.0910 4844 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
19:29:10.0941 4844 RsFx0150 - ok
19:29:11.0112 4844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:29:11.0206 4844 rspndr - ok
19:29:11.0378 4844 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:29:11.0409 4844 RTL8167 - ok
19:29:11.0596 4844 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
19:29:11.0674 4844 RTL8169 - ok
19:29:11.0830 4844 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:29:11.0877 4844 sbp2port - ok
19:29:12.0017 4844 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:29:12.0095 4844 scfilter - ok
19:29:12.0298 4844 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
19:29:12.0329 4844 sdbus - ok
19:29:12.0501 4844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:29:12.0610 4844 secdrv - ok
19:29:12.0750 4844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:29:12.0813 4844 Serenum - ok
19:29:12.0953 4844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:29:12.0984 4844 Serial - ok
19:29:13.0125 4844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:29:13.0172 4844 sermouse - ok
19:29:13.0312 4844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:29:13.0374 4844 sffdisk - ok
19:29:13.0515 4844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:29:13.0577 4844 sffp_mmc - ok
19:29:13.0718 4844 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:29:13.0764 4844 sffp_sd - ok
19:29:13.0920 4844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:29:13.0967 4844 sfloppy - ok
19:29:14.0154 4844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:29:14.0186 4844 SiSRaid2 - ok
19:29:14.0326 4844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:29:14.0357 4844 SiSRaid4 - ok
19:29:14.0544 4844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:29:14.0622 4844 Smb - ok
19:29:14.0747 4844 SMR210 (03573da7c4abcf5591ad4d8c96736b00) C:\Windows\system32\drivers\SMR210.SYS
19:29:14.0778 4844 SMR210 - ok
19:29:15.0044 4844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:29:15.0075 4844 spldr - ok
19:29:15.0293 4844 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
19:29:15.0340 4844 SRTSP - ok
19:29:15.0527 4844 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
19:29:15.0543 4844 SRTSPX - ok
19:29:15.0714 4844 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:29:15.0808 4844 srv - ok
19:29:16.0026 4844 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:29:16.0104 4844 srv2 - ok
19:29:16.0245 4844 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:29:16.0307 4844 srvnet - ok
19:29:16.0479 4844 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
19:29:16.0510 4844 ssudmdm - ok
19:29:16.0635 4844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:29:16.0682 4844 stexstor - ok
19:29:16.0884 4844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:29:16.0916 4844 swenum - ok
19:29:17.0165 4844 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
19:29:17.0212 4844 SymDS - ok
19:29:17.0430 4844 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
19:29:17.0462 4844 SymEFA - ok
19:29:17.0649 4844 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:29:17.0680 4844 SymEvent - ok
19:29:17.0852 4844 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\Windows\system32\DRIVERS\SymIMv.sys
19:29:17.0867 4844 SymIM - ok
19:29:18.0164 4844 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
19:29:18.0195 4844 SymIRON - ok
19:29:18.0398 4844 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
19:29:18.0444 4844 SymNetS - ok
19:29:18.0647 4844 SynTP (8df6c536ece3b538978b53c223ab905d) C:\Windows\system32\DRIVERS\SynTP.sys
19:29:18.0725 4844 SynTP - ok
19:29:19.0006 4844 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:29:19.0084 4844 Tcpip - ok
19:29:19.0318 4844 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:29:19.0365 4844 TCPIP6 - ok
19:29:19.0505 4844 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:29:19.0599 4844 tcpipreg - ok
19:29:19.0755 4844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:29:19.0817 4844 TDPIPE - ok
19:29:19.0958 4844 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:29:20.0020 4844 TDTCP - ok
19:29:20.0192 4844 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:29:20.0238 4844 tdx - ok
19:29:20.0441 4844 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:29:20.0472 4844 TermDD - ok
19:29:20.0660 4844 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
19:29:20.0691 4844 Thpevm - ok
19:29:20.0847 4844 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:29:20.0925 4844 tssecsrv - ok
19:29:21.0096 4844 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:29:21.0159 4844 TsUsbFlt - ok
19:29:21.0346 4844 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:29:21.0440 4844 tunnel - ok
19:29:21.0596 4844 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:29:21.0627 4844 TVALZ - ok
19:29:21.0767 4844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:29:21.0798 4844 uagp35 - ok
19:29:21.0954 4844 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:29:22.0017 4844 udfs - ok
19:29:22.0188 4844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:29:22.0220 4844 uliagpkx - ok
19:29:22.0391 4844 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:29:22.0469 4844 umbus - ok
19:29:22.0610 4844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:29:22.0656 4844 UmPass - ok
19:29:22.0828 4844 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:29:22.0890 4844 USBAAPL64 - ok
19:29:23.0109 4844 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:29:23.0156 4844 usbaudio - ok
19:29:23.0343 4844 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:29:23.0421 4844 usbccgp - ok
19:29:23.0592 4844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:29:23.0655 4844 usbcir - ok
19:29:23.0795 4844 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:29:23.0858 4844 usbehci - ok
19:29:24.0060 4844 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:29:24.0154 4844 usbhub - ok
19:29:24.0357 4844 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:29:24.0404 4844 usbohci - ok
19:29:24.0560 4844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:29:24.0622 4844 usbprint - ok
19:29:24.0762 4844 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:29:24.0856 4844 USBSTOR - ok
19:29:24.0996 4844 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:29:25.0043 4844 usbuhci - ok
19:29:25.0262 4844 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
19:29:25.0277 4844 usbvideo - ok
19:29:25.0464 4844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:29:25.0496 4844 vdrvroot - ok
19:29:25.0683 4844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:29:25.0714 4844 vga - ok
19:29:25.0886 4844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:29:25.0995 4844 VgaSave - ok
19:29:26.0182 4844 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:29:26.0213 4844 vhdmp - ok
19:29:26.0354 4844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:29:26.0385 4844 viaide - ok
19:29:26.0541 4844 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:29:26.0572 4844 volmgr - ok
19:29:26.0712 4844 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:29:26.0790 4844 volmgrx - ok
19:29:26.0946 4844 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:29:26.0993 4844 volsnap - ok
19:29:27.0149 4844 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:29:27.0180 4844 vsmraid - ok
19:29:27.0414 4844 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:29:27.0446 4844 vwifibus - ok
19:29:27.0648 4844 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:29:27.0711 4844 vwififlt - ok
19:29:27.0867 4844 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:29:27.0929 4844 WacomPen - ok
19:29:28.0101 4844 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:29:28.0179 4844 WANARP - ok
19:29:28.0257 4844 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:29:28.0304 4844 Wanarpv6 - ok
19:29:28.0506 4844 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:29:28.0538 4844 Wd - ok
19:29:28.0709 4844 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:29:28.0740 4844 Wdf01000 - ok
19:29:28.0943 4844 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:29:28.0990 4844 WfpLwf - ok
19:29:29.0130 4844 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:29:29.0162 4844 WIMMount - ok
19:29:29.0458 4844 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:29:29.0520 4844 WinUsb - ok
19:29:29.0661 4844 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:29:29.0708 4844 WmiAcpi - ok
19:29:29.0879 4844 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:29:29.0942 4844 ws2ifsl - ok
19:29:30.0144 4844 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:29:30.0222 4844 WudfPf - ok
19:29:30.0425 4844 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:29:30.0519 4844 WUDFRd - ok
19:29:30.0612 4844 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:29:30.0831 4844 \Device\Harddisk0\DR0 - ok
19:29:30.0878 4844 Boot (0x1200) (0d3ad6130466749683b82dcdc4174c7a) \Device\Harddisk0\DR0\Partition0
19:29:30.0878 4844 \Device\Harddisk0\DR0\Partition0 - ok
19:29:30.0878 4844 ============================================================
19:29:30.0878 4844 Scan finished
19:29:30.0878 4844 ============================================================
19:29:30.0909 4884 Detected object count: 0
19:29:30.0909 4884 Actual detected object count: 0
19:31:35.0281 6064 ============================================================
19:31:35.0281 6064 Scan started
19:31:35.0281 6064 Mode: Manual; SigCheck; TDLFS;
19:31:35.0281 6064 ============================================================
19:31:35.0924 6064 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:31:35.0977 6064 1394ohci - ok
19:31:36.0117 6064 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:31:36.0134 6064 ACPI - ok
19:31:36.0293 6064 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:31:36.0330 6064 AcpiPmi - ok
19:31:36.0485 6064 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:31:36.0507 6064 adp94xx - ok
19:31:36.0646 6064 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:31:36.0685 6064 adpahci - ok
19:31:36.0829 6064 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:31:36.0863 6064 adpu320 - ok
19:31:37.0028 6064 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:31:37.0061 6064 AFD - ok
19:31:37.0239 6064 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
19:31:37.0269 6064 AgereSoftModem - ok
19:31:37.0415 6064 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:31:37.0432 6064 agp440 - ok
19:31:37.0568 6064 AirDisplay (45a5228c6fa82380ccb20a9d9a5be6f0) C:\Windows\system32\DRIVERS\AVVideoCard.sys
19:31:37.0590 6064 AirDisplay - ok
19:31:37.0745 6064 AirDisplayMirror (b889a6a38d0bcb44caabeb6234700fc9) C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys
19:31:37.0760 6064 AirDisplayMirror - ok
19:31:37.0908 6064 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:31:37.0940 6064 aliide - ok
19:31:38.0090 6064 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:31:38.0121 6064 amdide - ok
19:31:38.0260 6064 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:31:38.0286 6064 AmdK8 - ok
19:31:38.0415 6064 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:31:38.0452 6064 AmdPPM - ok
19:31:38.0597 6064 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:31:38.0631 6064 amdsata - ok
19:31:38.0764 6064 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:31:38.0791 6064 amdsbs - ok
19:31:38.0940 6064 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:31:38.0966 6064 amdxata - ok
19:31:39.0106 6064 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:31:39.0155 6064 AppID - ok
19:31:39.0316 6064 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:31:39.0335 6064 arc - ok
19:31:39.0471 6064 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:31:39.0502 6064 arcsas - ok
19:31:39.0817 6064 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:31:39.0865 6064 AsyncMac - ok
19:31:40.0045 6064 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:31:40.0075 6064 atapi - ok
19:31:40.0531 6064 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
19:31:40.0618 6064 atikmdag - ok
19:31:40.0767 6064 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:31:40.0805 6064 b06bdrv - ok
19:31:40.0944 6064 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:31:40.0983 6064 b57nd60a - ok
19:31:41.0127 6064 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:31:41.0168 6064 Beep - ok
19:31:41.0391 6064 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
19:31:41.0429 6064 BHDrvx64 - ok
19:31:41.0573 6064 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:31:41.0590 6064 blbdrive - ok
19:31:41.0952 6064 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:31:41.0990 6064 bowser - ok
19:31:41.0991 6064 Scan interrupted by user!
19:31:41.0991 6064 Scan interrupted by user!
19:31:41.0991 6064 Scan interrupted by user!
19:31:41.0992 6064 ============================================================
19:31:41.0992 6064 Scan finished
19:31:41.0992 6064 ============================================================
19:31:42.0000 3040 Detected object count: 0
19:31:42.0000 3040 Actual detected object count: 0
19:31:44.0054 5376 Deinitialize success


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 19:32:31
-----------------------------
19:32:31.247 OS Version: Windows x64 6.1.7601 Service Pack 1
19:32:31.247 Number of processors: 2 586 0x1706
19:32:31.248 ComputerName: ERIC-LAPTOP UserName: Eric
19:32:33.198 Initialize success
19:34:56.157 AVAST engine defs: 12011601
19:35:56.752 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:35:56.758 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001M Size: 476940MB BusType: 11
19:35:56.775 Disk 0 MBR read successfully
19:35:56.781 Disk 0 MBR scan
19:35:56.806 Disk 0 Windows 7 default MBR code
19:35:56.814 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:35:56.839 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464951 MB offset 3074048
19:35:56.886 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10488 MB offset 955293696
19:35:56.901 Service scanning
19:35:58.358 Modules scanning
19:36:00.257 AVAST engine scan C:\Windows
19:36:06.056 AVAST engine scan C:\Windows\system32
19:39:28.549 AVAST engine scan C:\Windows\system32\drivers
19:39:47.737 AVAST engine scan C:\Users\Eric
20:06:24.860 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\geeks to go\MBR.dat"
20:06:24.876 The log file has been saved successfully to "C:\Users\Eric\Desktop\geeks to go\aswMBR.txt"


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eric :: ERIC-LAPTOP [administrator]

Protection: Enabled

1/16/2012 8:12:38 PM
mbam-log-2012-01-16 (20-12-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205749
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 1/16/2012 9:04:56 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.18 Gb Available Physical Memory | 64.75% Memory free
15.99 Gb Paging File | 12.87 Gb Available in Paging File | 80.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 76.55 Gb Free Space | 16.86% Space Free | Partition Type: NTFS
Drive Y: | 74.52 Gb Total Space | 40.34 Gb Free Space | 54.14% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 21:03:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Downloads\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/19 13:21:32 | 001,121,832 | ---- | M] (Xmarks.com) -- C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 02:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011/11/08 15:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/16 10:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2010/08/19 16:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/01/26 14:53:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 07:58:02 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/14 13:28:10 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011/04/14 13:28:08 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 02:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/12 18:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/14 16:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 13:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 10:44:45 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 10:44:45 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/31 20:37:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\EX64.SYS -- (NAVEX15)
DRV - [2011/10/31 20:37:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\ENG64.SYS -- (NAVENG)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120113.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://movedowntown...n/MyOffice.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7E A0 6E 5F 45 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/05 22:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/16 18:54:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 02:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/02 10:10:16 | 000,000,000 | ---D | M]

[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/06 16:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions
[2011/06/29 09:55:20 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/11/12 12:30:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/31 19:06:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2011/11/05 13:15:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2012/01/14 01:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.9_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: USA TODAY = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggljnipbdiebhbmadknfbjlhehbohbn\2.1_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.17_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Offline Google Mail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: LastPass = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.1_0\
CHR - Extension: Smooth Gestures = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_0\
CHR - Extension: Linkclump = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.0.16_0\
CHR - Extension: Copy Link Text = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdokmjpoambonhlpgcodobebebjdeil\0.5.1_0\
CHR - Extension: Poppit = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FreshStart - Cross Browser Session Manager = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb\1.5.4_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

O1 HOSTS File: ([2012/01/16 18:55:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dekisoft Monitor Off Utility] C:\Program Files (x86)\Monitor Off Utility\monoff.exe (Dekisoft)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [GoogleContactSync] C:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {026ECE7F-AC77-42C1-AFA7-9576D1A4EAB6} http://www.formsrus.com/53/setup.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://cbrmls.columb...ol/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {ECC56E5B-BE50-4691-BAE5-1BB7DF70BF95} http://www.formsrus....forms/setup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3315377E-1827-411A-8A89-D1292871D5AE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51398D5A-0EC7-4C59-898D-AC16AE86436F}: NameServer = 209.18.47.61,209.18.47.62
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 20:10:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012/01/16 20:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 20:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 20:10:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/16 20:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/16 18:55:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/16 18:51:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/16 18:39:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/16 18:39:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/16 18:39:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/16 18:39:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/16 16:57:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/16 14:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 14:35:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\geeks to go
[2012/01/13 23:24:55 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/13 20:04:49 | 000,000,000 | ---D | C] -- C:\NPE
[2012/01/13 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Temp
[2012/01/13 16:21:42 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/13 14:38:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/11 16:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GO Contact Sync Mod
[2012/01/11 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebGear
[2012/01/11 16:05:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/11 15:04:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\NPE
[2012/01/11 03:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\679C1
[2012/01/11 02:56:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 02:56:37 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 02:56:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 02:56:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 02:56:35 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 02:56:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 02:56:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/09 17:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/01/09 17:01:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\PDF-XChange.Viewer.Pro.v2.042.7.Multilingual.Cracked-EAT
[2012/01/09 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/09 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F5C9B070-3124-44D4-A2B0-51E843B0421E}
[2012/01/09 14:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{26F4E894-BE27-4D56-80C2-DECD41B57B7F}
[2012/01/09 01:40:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5F690E7E-FE96-4F1C-ACFC-8A2FBDDD42AD}
[2012/01/09 01:40:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2FC95A88-D39F-459B-B7F0-C58608BE1660}
[2012/01/08 13:40:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AACCF45-EC22-46EC-A236-C7D06B5C275F}
[2012/01/08 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D650295A-2195-425A-8A82-0CC902A6F37A}
[2012/01/08 01:40:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A3EF6F9B-EC64-4F35-B611-FA24D122696E}
[2012/01/08 01:40:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AECBE636-CA8D-47A8-9D8C-6A302B8981DE}
[2011/12/30 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CA8063F6-590E-4E7C-823F-2ADF139AC157}
[2011/12/30 20:07:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{43FBE04C-7767-48A2-8A58-49B05224213C}
[2011/12/29 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D35D1A2-7DDC-43A6-B5E6-A175EAB048CF}
[2011/12/29 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDF54AE7-0EA6-4018-BA9E-89E8C01066CA}
[2011/12/25 23:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/22 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DEBFC9FE-26FB-4F48-9025-399E3FD7572A}
[2011/12/22 17:29:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{59E8FE2C-1297-4A07-96D5-28457E0839AD}
[2011/12/21 23:29:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{10654CD9-E24B-415D-986D-F70F31D759E1}
[2011/12/21 23:29:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D7F844A1-9065-4A39-8718-61043782FCD7}
[2011/12/20 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CB98EDCE-D14B-44D7-BD5D-F08265D65A9F}
[2011/12/20 16:24:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{15EABF08-E920-43B8-B2D3-FE6D7783ADBC}
[2011/12/20 00:06:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Synaptics
[2011/12/20 00:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/12/20 00:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/12/20 00:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/20 00:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synaptics
[2011/12/20 00:03:23 | 000,411,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011/12/20 00:03:23 | 000,274,728 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/12/20 00:03:23 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/12/20 00:03:23 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011/12/20 00:03:22 | 001,424,944 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/12/20 00:03:22 | 000,225,576 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/12/20 00:03:22 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2011/12/20 00:03:22 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/12/19 23:38:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/18 22:31:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Skype
[2011/12/18 22:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/04/08 19:57:26 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2012/01/16 20:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 20:39:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/16 20:10:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 19:44:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/16 19:07:18 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 19:07:18 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 18:55:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/16 18:54:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/16 18:54:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 18:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 18:53:06 | 2145,898,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/15 20:50:31 | 000,005,357 | ---- | M] () -- C:\Users\Eric\Desktop\Attach.zip
[2012/01/15 15:38:23 | 000,000,512 | ---- | M] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/01/15 13:50:24 | 000,178,645 | ---- | M] () -- C:\Users\Eric\Desktop\20120114_001915.jpg
[2012/01/14 13:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/14 01:06:16 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 19:19:22 | 000,000,149 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/01/13 18:05:50 | 000,122,616 | ---- | M] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:16:39 | 000,822,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 16:16:39 | 000,692,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/13 16:16:39 | 000,131,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 16:14:17 | 000,001,380 | ---- | M] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/12 22:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/11 17:38:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/11 15:29:33 | 326,268,174 | ---- | M] () -- C:\Regbackup.reg
[2012/01/11 03:30:35 | 000,002,664 | ---- | M] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/11 03:30:31 | 000,031,256 | ---- | M] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/05 16:00:16 | 001,329,952 | ---- | M] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:24 | 000,002,600 | ---- | M] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/21 15:18:41 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/12/20 19:51:14 | 000,044,713 | ---- | M] () -- C:\Users\Eric\Desktop\ABAMECTIN 1.pdf
[2011/12/20 00:04:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2012/01/16 20:10:32 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 18:39:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/16 18:39:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/16 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/16 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/16 18:39:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/15 20:50:31 | 000,005,357 | ---- | C] () -- C:\Users\Eric\Desktop\Attach.zip
[2012/01/15 15:38:23 | 000,000,512 | ---- | C] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/01/15 13:47:24 | 000,178,645 | ---- | C] () -- C:\Users\Eric\Desktop\20120114_001915.jpg
[2012/01/14 01:06:15 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 18:05:49 | 000,122,616 | ---- | C] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:20:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F\isolate.ini
[2012/01/13 16:14:15 | 000,001,380 | ---- | C] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/12 22:45:11 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/01/11 15:29:10 | 326,268,174 | ---- | C] () -- C:\Regbackup.reg
[2012/01/11 03:30:31 | 000,031,256 | ---- | C] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/11 03:30:31 | 000,002,664 | ---- | C] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/05 15:55:56 | 001,329,952 | ---- | C] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:21 | 000,002,600 | ---- | C] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:17 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/20 19:51:14 | 000,044,713 | ---- | C] () -- C:\Users\Eric\Desktop\ABAMECTIN 1.pdf
[2011/12/20 00:04:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/12/20 00:03:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/13 22:00:15 | 000,231,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/08/11 18:59:22 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/12 15:25:44 | 000,797,020 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\ericc2728.zip
[2011/05/03 10:48:36 | 000,000,320 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SEC540722.trad
[2011/05/03 10:48:24 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2011/03/24 12:38:31 | 000,000,341 | ---- | C] () -- C:\Windows\BCLWDDE.INI
[2011/03/12 15:22:21 | 000,010,240 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 13:22:51 | 000,001,465 | ---- | C] () -- C:\Windows\pcforms.ini
[2011/02/02 14:53:41 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/01 18:03:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/01 17:32:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/28 14:34:08 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/27 16:49:45 | 000,037,843 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/27 15:08:04 | 000,000,149 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/26 15:04:13 | 000,000,410 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/25 22:37:48 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/25 20:03:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/25 16:50:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2011/01/25 13:36:46 | 000,000,017 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2011/01/25 03:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/29 01:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/30 20:26:00 | 000,365,568 | ---- | C] () -- C:\Windows\SysWow64\WINCTL32.DLL
[2010/06/30 20:26:00 | 000,055,808 | ---- | C] () -- C:\Windows\ICE_JNIRegistry.dll
[2010/06/30 20:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Simspy32.dll
[2010/06/30 20:26:00 | 000,032,768 | ---- | C] () -- C:\Windows\Java2INI.dll
[2010/06/23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/15 04:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/13 15:58:21 | 000,000,008 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\missouri.dll
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2003/02/28 15:51:00 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\easysoap.dll
[2003/01/28 02:09:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

========== Files - Unicode (All) ==========
[2011/09/07 19:40:25 | 000,000,000 | ---D | M](C:\Windows\SysNative\?!) -- C:\Windows\SysNative\Ȱ!
[2011/09/07 19:40:25 | 000,000,000 | ---D | C](C:\Windows\SysNative\?!) -- C:\Windows\SysNative\Ȱ!
[2011/09/07 19:40:24 | 000,000,000 | ---D | M](C:\Windows\SysNative\3?) -- C:\Windows\SysNative\3쀀
[2011/09/07 19:40:24 | 000,000,000 | ---D | M](C:\Windows\SysNative\?2) -- C:\Windows\SysNative\Ȱ2
[2011/09/07 19:40:24 | 000,000,000 | ---D | C](C:\Windows\SysNative\3?) -- C:\Windows\SysNative\3쀀
[2011/09/07 19:40:24 | 000,000,000 | ---D | C](C:\Windows\SysNative\?2) -- C:\Windows\SysNative\Ȱ2

========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\Windows:

< End of report >
OTL Extras logfile created on: 1/16/2012 9:04:56 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.18 Gb Available Physical Memory | 64.75% Memory free
15.99 Gb Paging File | 12.87 Gb Available in Paging File | 80.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 76.55 Gb Free Space | 16.86% Space Free | Partition Type: NTFS
Drive Y: | 74.52 Gb Total Space | 40.34 Gb Free Space | 54.14% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{190A60F1-2FEE-0A11-7D37-D8607809CC39}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{3EE30764-A4C2-4371-8EC5-61418CF6271B}" = Air Display Support
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5B7A62FB-E8EA-974A-DB49-4000AA3AE422}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FAF63FF7-1DB6-44D4-91C3-E9422166E8F9}" = CrashPlan
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Unlocker" = Unlocker 1.9.0-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{06223EA1-8977-4A44-B2AB-30FD78B7DCC1}" = CCC Help Thai
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{091FACEE-A240-42D4-AD71-26E8DFB38F43}" = GO Contact Sync Mod
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF37D58-38A8-E03F-8DD8-B01B55C09615}" = CCC Help English
"{0FAFE712-DF6D-455C-9016-861A0CDC1E1D}" = pcFORMation 5.3.6 Install
"{10F0131F-1CA2-4433-8473-7C890C769581}_is1" = Monitor Off Utility 1.0
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A233009-8656-471D-BD30-DB22BA4F15C4}" = Maximizer CRM 11 Service Release 2
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{27349465-3521-8214-5311-286D806C86C3}" = CCC Help Dutch
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{32762866-8C6E-437E-1E79-4506FEB7323A}" = Catalyst Control Center Graphics Full Existing
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CAF2B2D-0DA3-7BD6-6701-E3D71992DB78}" = Catalyst Control Center Localization All
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{4590D323-F7A7-4FD0-B133-956B40FFDD43}" = Xmarks for IE
"{4786E500-4FA0-C30F-D4E8-0E3D70D86227}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{4F147AEF-790D-DBE2-5830-94D90C02AC24}" = Catalyst Control Center Graphics Full New
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{576C2EBB-1476-4F43-86FC-E2517075C750}" = TD AMERITRADE StrategyDesk 3.4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5985DD7D-67F4-DD15-8589-B3F43C4A111D}" = CCC Help Chinese Traditional
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D264375-3E92-7D10-F219-3536F5BAE7BA}" = CCC Help Japanese
"{5F98C4EE-879F-232C-3F44-0BBFAB6A29D4}" = CCC Help Polish
"{61F8A9EC-5CB4-0001-FF88-C469156BA14C}" = CCC Help German
"{64619D4F-9F26-7385-13CD-CF437EB1B778}" = Maximizer CRM Help
"{67830C2E-0345-7CE7-3829-8AB3D34E3AEB}" = CCC Help Turkish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9B4C2D-E651-6DD7-EC1D-AF331F250AB8}" = ccc-core-static
"{6DEEDB89-D449-B985-4E0E-91D45AF66DFF}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7513A376-16F0-7E53-5CA1-7DA10A6216BC}" = CCC Help Danish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{811EF3A7-0861-0B8F-5432-3052E8230DC0}" = Catalyst Control Center Graphics Light
"{8259E348-50E8-A3C8-52B8-699DFDD31BA8}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85E4952C-8C85-A58D-B9D9-783D1FADB775}" = Skins
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8921F4ED-A696-D629-45E6-45A43A0F4FF0}" = CCC Help Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{98C70B57-4930-7088-22F4-93FC196938D0}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EB46CEF-A947-44B8-95B5-BDF19B761590}" = ProfiDing
"{A373F67B-8305-4CE0-AA04-59E3FAED7693}" = pcFORMation 5.3.1 Real Estate Forms Demo
"{A6137721-B2D0-1DAF-0B19-12AB0D065C45}" = Catalyst Control Center Core Implementation
"{A6CB7126-16B0-6D09-4D46-FA6E2A3D135A}" = MaxExchange Remote Help
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC1A4255-0EC8-585B-2D1A-8306C07F2B91}" = CCC Help Hungarian
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AEE65D6C-EDF4-B3E1-00CD-B17A6FC6BC6A}" = CCC Help Italian
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9F119C0-6886-A250-BF18-3ABEAA26F6A5}" = CCC Help Korean
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7CA3155-780B-A582-81EC-4E803375E151}" = Maximizer CRM Administrator Help
"{C8C415A8-E930-4227-9AFA-F64618025E7E}" = Maximizer CRM 11
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB64C016-1705-36E9-1AEA-C2D4738BDE9A}" = CCC Help Norwegian
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DE2E45A2-31B1-7D26-2701-B1244763DE10}" = CCC Help Portuguese
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E16087F4-3CE3-B644-A5F5-503F55F34CC0}" = CCC Help Russian
"{E4FD13E2-1638-A5B8-E28A-54D39F13D747}" = Catalyst Control Center Graphics Previews Vista
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E4A500-34B5-E8B7-FC2C-3726A0577AAD}" = CCC Help French
"{F34009E9-6EA5-F0D2-4D7D-A9CE421908B6}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.5
"BSPlayerf" = BS.Player FREE
"FileZilla Client" = FileZilla Client 3.5.2
"Glary Utilities_is1" = Glary Utilities 2.37.0.1260
"Google Calendar Sync" = Google Calendar Sync
"GuitarSpeedTrainer_is1" = GST 2.3.8.4
"InstallShield_{1A233009-8656-471D-BD30-DB22BA4F15C4}" = Maximizer CRM 11 Service Release 2
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Maximizer CRM 11_{C8C415A8-E930-4227-9AFA-F64618025E7E}" = Maximizer CRM 11 Group Edition Workstation
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Rename Master_is1" = Rename Master
"Simpli Software's Places Utility_is1" = Simpli Software's Places Utility v1.0
"Tag&Rename_is1" = Tag&Rename 3.5
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"thinkorswim" = thinkorswim
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SugarSync" = SugarSync Manager

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Attached Thumbnails

  • Capture.JPG

  • 0

#6
RKinner
Posted 16 January 2012 - 09:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You didn't let the second TDSSKiller scan complete. Please run it again and post the log.


Copy the text in the code box by highlighting and Ctrl + c 


:OTL
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O16 - DPF: {026ECE7F-AC77-42C1-AFA7-9576D1A4EAB6} http://www.formsrus.com/53/setup.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {ECC56E5B-BE50-4691-BAE5-1BB7DF70BF95} http://www.formsrus....forms/setup.cab (Reg Error: Key error.)
[2011/09/07 19:40:25 | 000,000,000 | ---D | M](C:\Windows\SysNative\?!) -- C:\Windows\SysNative\Ȱ!
[2011/09/07 19:40:25 | 000,000,000 | ---D | C](C:\Windows\SysNative\?!) -- C:\Windows\SysNative\Ȱ!
[2011/09/07 19:40:24 | 000,000,000 | ---D | M](C:\Windows\SysNative\3?) -- C:\Windows\SysNative\3쀀
[2011/09/07 19:40:24 | 000,000,000 | ---D | M](C:\Windows\SysNative\?2) -- C:\Windows\SysNative\Ȱ2
[2011/09/07 19:40:24 | 000,000,000 | ---D | C](C:\Windows\SysNative\3?) -- C:\Windows\SysNative\3쀀
[2011/09/07 19:40:24 | 000,000,000 | ---D | C](C:\Windows\SysNative\?2) -- C:\Windows\SysNative\Ȱ2
@Alternate Data Stream - 8 bytes -> C:\Windows:

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c

     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


This should create a file called winsock2.reg on your desktop. This is an insurance file in case you can't get on line after the next step. Just leave it alone for now.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

netsh  winsock  reset  catalog

Reboot. See if you can still get on line. If not you can right click on winsock2.reg and select Merge then reboot and it should get you back on line. If that doesn't help you can always do a System Restore to the last restore point. If you are able to get on line you can delete the winsock2.reg file.

In either case: Run OTL again, Quickscan.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#7
ericc2728
Posted 17 January 2012 - 12:05 AM

ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
hi, i actually didn't read carefully and ran the second tdsskiller scan and posted that log. so here is the first log without the two additional options being checked under change parameters and then the second log too. i also forgot to mention that when i ran combofix it said that norton internet security was still running. at the time i was in safe mode and talked to norton tech support on how to turn it off. they said that this process needed to be off ccSvcHst.exe and if it wasn't showing then norton wasn't running. i couldn't find that process in my task manager so i ran combofix anyway. i got a warning box from combofix about running the software with norton still running and executed combofix after that warning.


00:49:39.0031 5652 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
00:49:39.0951 5652 ============================================================
00:49:39.0951 5652 Current date / time: 2012/01/17 00:49:39.0951
00:49:39.0951 5652 SystemInfo:
00:49:39.0951 5652
00:49:39.0951 5652 OS Version: 6.1.7601 ServicePack: 1.0
00:49:39.0951 5652 Product type: Workstation
00:49:39.0951 5652 ComputerName: ERIC-LAPTOP
00:49:39.0951 5652 UserName: Eric
00:49:39.0951 5652 Windows directory: C:\Windows
00:49:39.0951 5652 System windows directory: C:\Windows
00:49:39.0951 5652 Running under WOW64
00:49:39.0951 5652 Processor architecture: Intel x64
00:49:39.0951 5652 Number of processors: 2
00:49:39.0951 5652 Page size: 0x1000
00:49:39.0951 5652 Boot type: Normal boot
00:49:39.0951 5652 ============================================================
00:49:42.0525 5652 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
00:49:42.0634 5652 Initialize success
00:50:38.0841 1440 ============================================================
00:50:38.0841 1440 Scan started
00:50:38.0841 1440 Mode: Manual;
00:50:38.0841 1440 ============================================================
00:50:39.0559 1440 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:50:39.0559 1440 1394ohci - ok
00:50:39.0699 1440 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:50:39.0699 1440 ACPI - ok
00:50:39.0995 1440 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:50:39.0995 1440 AcpiPmi - ok
00:50:40.0167 1440 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:50:40.0183 1440 adp94xx - ok
00:50:40.0463 1440 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:50:40.0479 1440 adpahci - ok
00:50:40.0619 1440 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:50:40.0619 1440 adpu320 - ok
00:50:40.0775 1440 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
00:50:40.0791 1440 AFD - ok
00:50:40.0947 1440 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
00:50:40.0978 1440 AgereSoftModem - ok
00:50:41.0119 1440 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:50:41.0119 1440 agp440 - ok
00:50:41.0275 1440 AirDisplay (45a5228c6fa82380ccb20a9d9a5be6f0) C:\Windows\system32\DRIVERS\AVVideoCard.sys
00:50:41.0275 1440 AirDisplay - ok
00:50:41.0524 1440 AirDisplayMirror (b889a6a38d0bcb44caabeb6234700fc9) C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys
00:50:41.0524 1440 AirDisplayMirror - ok
00:50:41.0696 1440 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:50:41.0696 1440 aliide - ok
00:50:41.0821 1440 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:50:41.0821 1440 amdide - ok
00:50:41.0961 1440 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:50:41.0961 1440 AmdK8 - ok
00:50:42.0070 1440 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:50:42.0086 1440 AmdPPM - ok
00:50:42.0211 1440 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:50:42.0226 1440 amdsata - ok
00:50:42.0445 1440 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:50:42.0445 1440 amdsbs - ok
00:50:42.0585 1440 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:50:42.0601 1440 amdxata - ok
00:50:42.0741 1440 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:50:42.0757 1440 AppID - ok
00:50:42.0944 1440 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:50:42.0944 1440 arc - ok
00:50:43.0084 1440 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:50:43.0100 1440 arcsas - ok
00:50:43.0240 1440 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:50:43.0240 1440 AsyncMac - ok
00:50:43.0427 1440 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:50:43.0427 1440 atapi - ok
00:50:43.0693 1440 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
00:50:43.0833 1440 atikmdag - ok
00:50:44.0005 1440 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:50:44.0005 1440 b06bdrv - ok
00:50:44.0161 1440 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:50:44.0176 1440 b57nd60a - ok
00:50:44.0317 1440 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:50:44.0332 1440 Beep - ok
00:50:44.0722 1440 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
00:50:44.0738 1440 BHDrvx64 - ok
00:50:44.0863 1440 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:50:44.0878 1440 blbdrive - ok
00:50:45.0034 1440 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:50:45.0034 1440 bowser - ok
00:50:45.0159 1440 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:50:45.0159 1440 BrFiltLo - ok
00:50:45.0299 1440 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:50:45.0299 1440 BrFiltUp - ok
00:50:45.0596 1440 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:50:45.0596 1440 BridgeMP - ok
00:50:45.0736 1440 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:50:45.0736 1440 Brserid - ok
00:50:45.0877 1440 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:50:45.0877 1440 BrSerWdm - ok
00:50:46.0017 1440 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:50:46.0017 1440 BrUsbMdm - ok
00:50:46.0142 1440 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:50:46.0142 1440 BrUsbSer - ok
00:50:46.0282 1440 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:50:46.0282 1440 BTHMODEM - ok
00:50:46.0360 1440 catchme - ok
00:50:46.0625 1440 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:50:46.0625 1440 cdfs - ok
00:50:46.0781 1440 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:50:46.0797 1440 cdrom - ok
00:50:46.0937 1440 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:50:46.0953 1440 circlass - ok
00:50:47.0062 1440 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:50:47.0078 1440 CLFS - ok
00:50:47.0234 1440 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:50:47.0234 1440 CmBatt - ok
00:50:47.0374 1440 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:50:47.0374 1440 cmdide - ok
00:50:47.0608 1440 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
00:50:47.0608 1440 CNG - ok
00:50:47.0749 1440 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:50:47.0749 1440 Compbatt - ok
00:50:47.0873 1440 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:50:47.0873 1440 CompositeBus - ok
00:50:48.0045 1440 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:50:48.0045 1440 crcdisk - ok
00:50:48.0232 1440 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:50:48.0232 1440 DfsC - ok
00:50:48.0373 1440 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
00:50:48.0419 1440 dg_ssudbus - ok
00:50:48.0653 1440 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:50:48.0653 1440 discache - ok
00:50:48.0809 1440 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:50:48.0825 1440 Disk - ok
00:50:48.0997 1440 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:50:48.0997 1440 drmkaud - ok
00:50:49.0153 1440 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:50:49.0168 1440 DXGKrnl - ok
00:50:49.0387 1440 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:50:49.0480 1440 ebdrv - ok
00:50:49.0699 1440 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
00:50:49.0714 1440 eeCtrl - ok
00:50:49.0870 1440 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:50:49.0886 1440 elxstor - ok
00:50:50.0011 1440 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:50:50.0011 1440 EraserUtilRebootDrv - ok
00:50:50.0151 1440 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:50:50.0151 1440 ErrDev - ok
00:50:50.0307 1440 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:50:50.0307 1440 exfat - ok
00:50:50.0447 1440 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:50:50.0447 1440 fastfat - ok
00:50:50.0666 1440 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:50:50.0666 1440 fdc - ok
00:50:50.0915 1440 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:50:50.0915 1440 FileInfo - ok
00:50:51.0056 1440 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:50:51.0056 1440 Filetrace - ok
00:50:51.0399 1440 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:50:51.0399 1440 flpydisk - ok
00:50:51.0539 1440 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:50:51.0539 1440 FltMgr - ok
00:50:51.0773 1440 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:50:51.0773 1440 FsDepends - ok
00:50:51.0929 1440 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:50:51.0929 1440 Fs_Rec - ok
00:50:52.0070 1440 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:50:52.0070 1440 fvevol - ok
00:50:52.0210 1440 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
00:50:52.0210 1440 FwLnk - ok
00:50:52.0382 1440 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:50:52.0382 1440 gagp30kx - ok
00:50:52.0522 1440 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:50:52.0522 1440 GEARAspiWDM - ok
00:50:52.0772 1440 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:50:52.0772 1440 hcw85cir - ok
00:50:52.0943 1440 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:50:52.0943 1440 HdAudAddService - ok
00:50:53.0084 1440 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:50:53.0084 1440 HDAudBus - ok
00:50:53.0224 1440 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:50:53.0224 1440 HidBatt - ok
00:50:53.0349 1440 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:50:53.0365 1440 HidBth - ok
00:50:53.0474 1440 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:50:53.0489 1440 HidIr - ok
00:50:53.0708 1440 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:50:53.0708 1440 HidUsb - ok
00:50:53.0895 1440 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:50:53.0895 1440 HpSAMD - ok
00:50:54.0051 1440 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:50:54.0067 1440 HTTP - ok
00:50:54.0191 1440 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:50:54.0191 1440 hwpolicy - ok
00:50:54.0332 1440 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:50:54.0332 1440 i8042prt - ok
00:50:54.0472 1440 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:50:54.0488 1440 iaStorV - ok
00:50:54.0831 1440 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120113.002\IDSvia64.sys
00:50:54.0831 1440 IDSVia64 - ok
00:50:54.0987 1440 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:50:54.0987 1440 iirsp - ok
00:50:55.0112 1440 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:50:55.0112 1440 intelide - ok
00:50:55.0252 1440 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:50:55.0252 1440 intelppm - ok
00:50:55.0377 1440 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:50:55.0377 1440 IpFilterDriver - ok
00:50:55.0502 1440 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:50:55.0502 1440 IPMIDRV - ok
00:50:55.0642 1440 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:50:55.0658 1440 IPNAT - ok
00:50:55.0876 1440 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:50:55.0876 1440 IRENUM - ok
00:50:56.0017 1440 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:50:56.0017 1440 isapnp - ok
00:50:56.0157 1440 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:50:56.0157 1440 iScsiPrt - ok
00:50:56.0329 1440 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:50:56.0329 1440 kbdclass - ok
00:50:56.0469 1440 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:50:56.0469 1440 kbdhid - ok
00:50:56.0609 1440 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
00:50:56.0609 1440 KSecDD - ok
00:50:56.0750 1440 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
00:50:56.0750 1440 KSecPkg - ok
00:50:56.0921 1440 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:50:56.0921 1440 ksthunk - ok
00:50:57.0109 1440 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:50:57.0109 1440 lltdio - ok
00:50:57.0296 1440 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:50:57.0296 1440 LSI_FC - ok
00:50:57.0421 1440 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:50:57.0436 1440 LSI_SAS - ok
00:50:57.0577 1440 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:50:57.0577 1440 LSI_SAS2 - ok
00:50:57.0717 1440 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:50:57.0733 1440 LSI_SCSI - ok
00:50:57.0904 1440 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:50:57.0920 1440 luafv - ok
00:50:58.0091 1440 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
00:50:58.0091 1440 MBAMProtector - ok
00:50:58.0232 1440 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:50:58.0232 1440 megasas - ok
00:50:58.0357 1440 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:50:58.0372 1440 MegaSR - ok
00:50:58.0513 1440 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:50:58.0513 1440 Modem - ok
00:50:58.0653 1440 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:50:58.0653 1440 monitor - ok
00:50:58.0840 1440 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:50:58.0840 1440 mouclass - ok
00:50:59.0074 1440 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:50:59.0074 1440 mouhid - ok
00:50:59.0215 1440 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:50:59.0215 1440 mountmgr - ok
00:50:59.0339 1440 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:50:59.0355 1440 mpio - ok
00:50:59.0480 1440 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:50:59.0480 1440 mpsdrv - ok
00:50:59.0620 1440 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:50:59.0620 1440 MRxDAV - ok
00:50:59.0745 1440 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:50:59.0761 1440 mrxsmb - ok
00:50:59.0901 1440 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:50:59.0917 1440 mrxsmb10 - ok
00:51:00.0104 1440 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:51:00.0104 1440 mrxsmb20 - ok
00:51:00.0229 1440 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:51:00.0229 1440 msahci - ok
00:51:00.0353 1440 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:51:00.0369 1440 msdsm - ok
00:51:00.0509 1440 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:51:00.0525 1440 Msfs - ok
00:51:00.0650 1440 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:51:00.0650 1440 mshidkmdf - ok
00:51:00.0775 1440 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:51:00.0775 1440 msisadrv - ok
00:51:00.0977 1440 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:51:00.0977 1440 MSKSSRV - ok
00:51:01.0165 1440 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:51:01.0165 1440 MSPCLOCK - ok
00:51:01.0305 1440 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:51:01.0305 1440 MSPQM - ok
00:51:01.0445 1440 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:51:01.0461 1440 MsRPC - ok
00:51:01.0586 1440 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:51:01.0586 1440 mssmbios - ok
00:51:01.0742 1440 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:51:01.0742 1440 MSTEE - ok
00:51:01.0851 1440 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:51:01.0867 1440 MTConfig - ok
00:51:02.0038 1440 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:51:02.0038 1440 Mup - ok
00:51:02.0225 1440 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:51:02.0225 1440 NativeWifiP - ok
00:51:02.0413 1440 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\ENG64.SYS
00:51:02.0413 1440 NAVENG - ok
00:51:02.0647 1440 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\EX64.SYS
00:51:02.0678 1440 NAVEX15 - ok
00:51:02.0849 1440 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:51:02.0865 1440 NDIS - ok
00:51:03.0021 1440 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:51:03.0021 1440 NdisCap - ok
00:51:03.0193 1440 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:51:03.0193 1440 NdisTapi - ok
00:51:03.0333 1440 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:51:03.0333 1440 Ndisuio - ok
00:51:03.0458 1440 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:51:03.0458 1440 NdisWan - ok
00:51:03.0598 1440 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:51:03.0598 1440 NDProxy - ok
00:51:03.0739 1440 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:51:03.0739 1440 NetBIOS - ok
00:51:03.0863 1440 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:51:03.0863 1440 NetBT - ok
00:51:04.0300 1440 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
00:51:04.0487 1440 NETw5s64 - ok
00:51:04.0753 1440 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:51:04.0893 1440 netw5v64 - ok
00:51:05.0158 1440 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:51:05.0174 1440 nfrd960 - ok
00:51:05.0330 1440 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:51:05.0330 1440 Npfs - ok
00:51:05.0455 1440 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:51:05.0455 1440 nsiproxy - ok
00:51:05.0626 1440 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:51:05.0657 1440 Ntfs - ok
00:51:05.0782 1440 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:51:05.0782 1440 Null - ok
00:51:05.0907 1440 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:51:05.0923 1440 nvraid - ok
00:51:06.0079 1440 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:51:06.0079 1440 nvstor - ok
00:51:06.0344 1440 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:51:06.0344 1440 nv_agp - ok
00:51:06.0484 1440 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:51:06.0500 1440 ohci1394 - ok
00:51:06.0640 1440 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:51:06.0640 1440 Parport - ok
00:51:06.0765 1440 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:51:06.0765 1440 partmgr - ok
00:51:06.0905 1440 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:51:06.0905 1440 pci - ok
00:51:07.0046 1440 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:51:07.0046 1440 pciide - ok
00:51:07.0295 1440 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:51:07.0295 1440 pcmcia - ok
00:51:07.0420 1440 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:51:07.0436 1440 pcw - ok
00:51:07.0467 1440 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:51:07.0483 1440 PEAUTH - ok
00:51:07.0639 1440 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
00:51:07.0639 1440 Point64 - ok
00:51:07.0810 1440 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:51:07.0810 1440 PptpMiniport - ok
00:51:07.0951 1440 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:51:07.0951 1440 Processor - ok
00:51:08.0091 1440 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:51:08.0091 1440 Psched - ok
00:51:08.0434 1440 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:51:08.0465 1440 ql2300 - ok
00:51:08.0653 1440 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:51:08.0653 1440 ql40xx - ok
00:51:08.0824 1440 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:51:08.0824 1440 QWAVEdrv - ok
00:51:08.0980 1440 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:51:08.0980 1440 RasAcd - ok
00:51:09.0199 1440 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:51:09.0199 1440 RasAgileVpn - ok
00:51:09.0448 1440 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:51:09.0448 1440 Rasl2tp - ok
00:51:09.0651 1440 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:51:09.0667 1440 RasPppoe - ok
00:51:09.0838 1440 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:51:09.0838 1440 RasSstp - ok
00:51:10.0041 1440 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:51:10.0041 1440 rdbss - ok
00:51:10.0259 1440 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:51:10.0259 1440 rdpbus - ok
00:51:10.0743 1440 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:51:10.0743 1440 RDPCDD - ok
00:51:10.0946 1440 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:51:10.0946 1440 RDPENCDD - ok
00:51:11.0071 1440 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:51:11.0071 1440 RDPREFMP - ok
00:51:11.0305 1440 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:51:11.0305 1440 RDPWD - ok
00:51:11.0461 1440 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:51:11.0476 1440 rdyboost - ok
00:51:11.0710 1440 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
00:51:11.0710 1440 Revoflt - ok
00:51:11.0897 1440 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
00:51:11.0897 1440 rimspci - ok
00:51:12.0053 1440 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
00:51:12.0069 1440 rixdpcie - ok
00:51:12.0272 1440 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
00:51:12.0272 1440 RsFx0150 - ok
00:51:12.0475 1440 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:51:12.0490 1440 rspndr - ok
00:51:12.0677 1440 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:51:12.0677 1440 RTL8167 - ok
00:51:12.0849 1440 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
00:51:12.0849 1440 RTL8169 - ok
00:51:13.0083 1440 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:51:13.0083 1440 sbp2port - ok
00:51:13.0270 1440 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:51:13.0270 1440 scfilter - ok
00:51:13.0567 1440 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
00:51:13.0567 1440 sdbus - ok
00:51:13.0832 1440 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:51:13.0832 1440 secdrv - ok
00:51:13.0988 1440 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:51:14.0003 1440 Serenum - ok
00:51:14.0237 1440 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:51:14.0253 1440 Serial - ok
00:51:14.0503 1440 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:51:14.0503 1440 sermouse - ok
00:51:14.0721 1440 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:51:14.0737 1440 sffdisk - ok
00:51:14.0893 1440 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:51:14.0893 1440 sffp_mmc - ok
00:51:15.0158 1440 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:51:15.0158 1440 sffp_sd - ok
00:51:15.0314 1440 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:51:15.0314 1440 sfloppy - ok
00:51:15.0579 1440 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:51:15.0579 1440 SiSRaid2 - ok
00:51:15.0751 1440 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:51:15.0751 1440 SiSRaid4 - ok
00:51:16.0031 1440 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:51:16.0047 1440 Smb - ok
00:51:16.0203 1440 SMR210 (03573da7c4abcf5591ad4d8c96736b00) C:\Windows\system32\drivers\SMR210.SYS
00:51:16.0203 1440 SMR210 - ok
00:51:16.0390 1440 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:51:16.0390 1440 spldr - ok
00:51:16.0811 1440 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
00:51:16.0811 1440 SRTSP - ok
00:51:17.0155 1440 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
00:51:17.0170 1440 SRTSPX - ok
00:51:17.0357 1440 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:51:17.0373 1440 srv - ok
00:51:17.0576 1440 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:51:17.0576 1440 srv2 - ok
00:51:17.0732 1440 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:51:17.0747 1440 srvnet - ok
00:51:17.0966 1440 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
00:51:17.0966 1440 ssudmdm - ok
00:51:18.0137 1440 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:51:18.0200 1440 stexstor - ok
00:51:18.0543 1440 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:51:18.0543 1440 swenum - ok
00:51:19.0011 1440 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
00:51:19.0027 1440 SymDS - ok
00:51:19.0354 1440 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
00:51:19.0385 1440 SymEFA - ok
00:51:19.0541 1440 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
00:51:19.0541 1440 SymEvent - ok
00:51:19.0760 1440 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\Windows\system32\DRIVERS\SymIMv.sys
00:51:19.0760 1440 SymIM - ok
00:51:19.0978 1440 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
00:51:19.0978 1440 SymIRON - ok
00:51:20.0243 1440 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
00:51:20.0259 1440 SymNetS - ok
00:51:20.0524 1440 SynTP (8df6c536ece3b538978b53c223ab905d) C:\Windows\system32\DRIVERS\SynTP.sys
00:51:20.0540 1440 SynTP - ok
00:51:20.0852 1440 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:51:20.0930 1440 Tcpip - ok
00:51:21.0226 1440 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:51:21.0242 1440 TCPIP6 - ok
00:51:21.0476 1440 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:51:21.0476 1440 tcpipreg - ok
00:51:21.0694 1440 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:51:21.0694 1440 TDPIPE - ok
00:51:21.0866 1440 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:51:21.0866 1440 TDTCP - ok
00:51:22.0084 1440 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:51:22.0084 1440 tdx - ok
00:51:22.0318 1440 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:51:22.0318 1440 TermDD - ok
00:51:22.0521 1440 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
00:51:22.0521 1440 Thpevm - ok
00:51:22.0833 1440 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:51:22.0833 1440 tssecsrv - ok
00:51:23.0067 1440 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:51:23.0067 1440 TsUsbFlt - ok
00:51:23.0332 1440 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:51:23.0332 1440 tunnel - ok
00:51:23.0597 1440 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
00:51:23.0597 1440 TVALZ - ok
00:51:23.0831 1440 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:51:23.0831 1440 uagp35 - ok
00:51:24.0081 1440 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:51:24.0097 1440 udfs - ok
00:51:24.0253 1440 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:51:24.0268 1440 uliagpkx - ok
00:51:24.0487 1440 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:51:24.0487 1440 umbus - ok
00:51:24.0783 1440 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:51:24.0783 1440 UmPass - ok
00:51:25.0048 1440 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
00:51:25.0111 1440 USBAAPL64 - ok
00:51:25.0392 1440 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:51:25.0392 1440 usbaudio - ok
00:51:25.0610 1440 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:51:25.0610 1440 usbccgp - ok
00:51:25.0782 1440 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:51:25.0797 1440 usbcir - ok
00:51:26.0000 1440 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:51:26.0000 1440 usbehci - ok
00:51:26.0250 1440 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:51:26.0265 1440 usbhub - ok
00:51:26.0499 1440 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:51:26.0499 1440 usbohci - ok
00:51:26.0718 1440 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:51:26.0733 1440 usbprint - ok
00:51:27.0014 1440 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:51:27.0014 1440 USBSTOR - ok
00:51:27.0232 1440 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:51:27.0232 1440 usbuhci - ok
00:51:27.0466 1440 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
00:51:27.0466 1440 usbvideo - ok
00:51:27.0685 1440 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:51:27.0685 1440 vdrvroot - ok
00:51:27.0872 1440 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:51:27.0872 1440 vga - ok
00:51:28.0059 1440 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:51:28.0059 1440 VgaSave - ok
00:51:28.0293 1440 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:51:28.0293 1440 vhdmp - ok
00:51:28.0480 1440 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:51:28.0480 1440 viaide - ok
00:51:28.0683 1440 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:51:28.0683 1440 volmgr - ok
00:51:28.0995 1440 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:51:29.0011 1440 volmgrx - ok
00:51:29.0276 1440 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:51:29.0292 1440 volsnap - ok
00:51:29.0494 1440 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:51:29.0494 1440 vsmraid - ok
00:51:29.0806 1440 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:51:29.0806 1440 vwifibus - ok
00:51:30.0025 1440 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:51:30.0025 1440 vwififlt - ok
00:51:30.0243 1440 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:51:30.0243 1440 WacomPen - ok
00:51:30.0415 1440 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:51:30.0430 1440 WANARP - ok
00:51:30.0446 1440 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:51:30.0446 1440 Wanarpv6 - ok
00:51:30.0758 1440 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:51:30.0774 1440 Wd - ok
00:51:30.0992 1440 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:51:30.0992 1440 Wdf01000 - ok
00:51:31.0273 1440 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:51:31.0273 1440 WfpLwf - ok
00:51:31.0538 1440 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:51:31.0538 1440 WIMMount - ok
00:51:31.0803 1440 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:51:31.0819 1440 WinUsb - ok
00:51:32.0022 1440 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:51:32.0022 1440 WmiAcpi - ok
00:51:32.0224 1440 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:51:32.0224 1440 ws2ifsl - ok
00:51:32.0505 1440 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:51:32.0505 1440 WudfPf - ok
00:51:32.0708 1440 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:51:32.0708 1440 WUDFRd - ok
00:51:32.0802 1440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:51:32.0895 1440 \Device\Harddisk0\DR0 - ok
00:51:32.0895 1440 Boot (0x1200) (0d3ad6130466749683b82dcdc4174c7a) \Device\Harddisk0\DR0\Partition0
00:51:32.0895 1440 \Device\Harddisk0\DR0\Partition0 - ok
00:51:32.0911 1440 ============================================================
00:51:32.0911 1440 Scan finished
00:51:32.0911 1440 ============================================================
00:51:33.0020 5728 Detected object count: 0
00:51:33.0020 5728 Actual detected object count: 0


00:55:08.0795 1500 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
00:55:09.0809 1500 ============================================================
00:55:09.0809 1500 Current date / time: 2012/01/17 00:55:09.0809
00:55:09.0809 1500 SystemInfo:
00:55:09.0809 1500
00:55:09.0809 1500 OS Version: 6.1.7601 ServicePack: 1.0
00:55:09.0809 1500 Product type: Workstation
00:55:09.0809 1500 ComputerName: ERIC-LAPTOP
00:55:09.0809 1500 UserName: Eric
00:55:09.0809 1500 Windows directory: C:\Windows
00:55:09.0809 1500 System windows directory: C:\Windows
00:55:09.0809 1500 Running under WOW64
00:55:09.0809 1500 Processor architecture: Intel x64
00:55:09.0809 1500 Number of processors: 2
00:55:09.0809 1500 Page size: 0x1000
00:55:09.0809 1500 Boot type: Normal boot
00:55:09.0809 1500 ============================================================
00:55:11.0276 1500 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
00:55:11.0322 1500 Initialize success
00:55:16.0876 5924 ============================================================
00:55:16.0876 5924 Scan started
00:55:16.0876 5924 Mode: Manual; SigCheck; TDLFS;
00:55:16.0876 5924 ============================================================
00:55:17.0625 5924 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:55:17.0719 5924 1394ohci - ok
00:55:17.0921 5924 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:55:17.0953 5924 ACPI - ok
00:55:18.0218 5924 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:55:18.0249 5924 AcpiPmi - ok
00:55:18.0577 5924 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:55:18.0608 5924 adp94xx - ok
00:55:18.0857 5924 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:55:18.0904 5924 adpahci - ok
00:55:19.0169 5924 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:55:19.0201 5924 adpu320 - ok
00:55:19.0403 5924 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
00:55:19.0419 5924 AFD - ok
00:55:19.0591 5924 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
00:55:19.0622 5924 AgereSoftModem - ok
00:55:19.0840 5924 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:55:19.0840 5924 agp440 - ok
00:55:19.0981 5924 AirDisplay (45a5228c6fa82380ccb20a9d9a5be6f0) C:\Windows\system32\DRIVERS\AVVideoCard.sys
00:55:20.0027 5924 AirDisplay - ok
00:55:20.0168 5924 AirDisplayMirror (b889a6a38d0bcb44caabeb6234700fc9) C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys
00:55:20.0183 5924 AirDisplayMirror - ok
00:55:20.0339 5924 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:55:20.0355 5924 aliide - ok
00:55:20.0480 5924 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:55:20.0495 5924 amdide - ok
00:55:20.0636 5924 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:55:20.0667 5924 AmdK8 - ok
00:55:20.0854 5924 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:55:20.0885 5924 AmdPPM - ok
00:55:21.0057 5924 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:55:21.0088 5924 amdsata - ok
00:55:21.0275 5924 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:55:21.0322 5924 amdsbs - ok
00:55:21.0494 5924 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:55:21.0525 5924 amdxata - ok
00:55:21.0915 5924 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:55:21.0977 5924 AppID - ok
00:55:22.0196 5924 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:55:22.0227 5924 arc - ok
00:55:22.0383 5924 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:55:22.0383 5924 arcsas - ok
00:55:22.0539 5924 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:55:22.0570 5924 AsyncMac - ok
00:55:22.0695 5924 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:55:22.0711 5924 atapi - ok
00:55:23.0054 5924 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
00:55:23.0132 5924 atikmdag - ok
00:55:23.0491 5924 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:55:23.0522 5924 b06bdrv - ok
00:55:23.0725 5924 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:55:23.0771 5924 b57nd60a - ok
00:55:24.0005 5924 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:55:24.0083 5924 Beep - ok
00:55:24.0567 5924 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
00:55:24.0598 5924 BHDrvx64 - ok
00:55:24.0739 5924 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:55:24.0785 5924 blbdrive - ok
00:55:24.0973 5924 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:55:25.0004 5924 bowser - ok
00:55:25.0144 5924 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:55:25.0175 5924 BrFiltLo - ok
00:55:25.0300 5924 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:55:25.0347 5924 BrFiltUp - ok
00:55:25.0519 5924 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:55:25.0581 5924 BridgeMP - ok
00:55:25.0721 5924 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:55:25.0753 5924 Brserid - ok
00:55:25.0924 5924 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:55:25.0955 5924 BrSerWdm - ok
00:55:26.0111 5924 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:55:26.0143 5924 BrUsbMdm - ok
00:55:26.0267 5924 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:55:26.0314 5924 BrUsbSer - ok
00:55:26.0455 5924 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:55:26.0501 5924 BTHMODEM - ok
00:55:26.0548 5924 catchme - ok
00:55:26.0751 5924 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:55:26.0813 5924 cdfs - ok
00:55:27.0016 5924 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:55:27.0032 5924 cdrom - ok
00:55:27.0203 5924 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:55:27.0250 5924 circlass - ok
00:55:27.0359 5924 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:55:27.0406 5924 CLFS - ok
00:55:27.0562 5924 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:55:27.0593 5924 CmBatt - ok
00:55:27.0718 5924 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:55:27.0749 5924 cmdide - ok
00:55:27.0890 5924 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
00:55:27.0921 5924 CNG - ok
00:55:28.0124 5924 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:55:28.0155 5924 Compbatt - ok
00:55:28.0280 5924 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:55:28.0327 5924 CompositeBus - ok
00:55:28.0483 5924 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:55:28.0514 5924 crcdisk - ok
00:55:28.0670 5924 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:55:28.0732 5924 DfsC - ok
00:55:28.0857 5924 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
00:55:28.0888 5924 dg_ssudbus - ok
00:55:29.0075 5924 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:55:29.0138 5924 discache - ok
00:55:29.0278 5924 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:55:29.0309 5924 Disk - ok
00:55:29.0465 5924 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:55:29.0512 5924 drmkaud - ok
00:55:29.0668 5924 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:55:29.0699 5924 DXGKrnl - ok
00:55:29.0918 5924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:55:29.0980 5924 ebdrv - ok
00:55:30.0136 5924 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
00:55:30.0167 5924 eeCtrl - ok
00:55:30.0323 5924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:55:30.0339 5924 elxstor - ok
00:55:30.0479 5924 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:55:30.0495 5924 EraserUtilRebootDrv - ok
00:55:30.0776 5924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:55:30.0807 5924 ErrDev - ok
00:55:30.0994 5924 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:55:31.0057 5924 exfat - ok
00:55:31.0244 5924 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:55:31.0306 5924 fastfat - ok
00:55:31.0665 5924 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:55:31.0681 5924 fdc - ok
00:55:31.0899 5924 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:55:31.0930 5924 FileInfo - ok
00:55:32.0180 5924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:55:32.0227 5924 Filetrace - ok
00:55:32.0414 5924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:55:32.0445 5924 flpydisk - ok
00:55:32.0757 5924 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:55:32.0788 5924 FltMgr - ok
00:55:32.0991 5924 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:55:33.0007 5924 FsDepends - ok
00:55:33.0209 5924 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:55:33.0225 5924 Fs_Rec - ok
00:55:33.0443 5924 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:55:33.0490 5924 fvevol - ok
00:55:33.0787 5924 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
00:55:33.0818 5924 FwLnk - ok
00:55:34.0005 5924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:55:34.0036 5924 gagp30kx - ok
00:55:34.0208 5924 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:55:34.0223 5924 GEARAspiWDM - ok
00:55:34.0473 5924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:55:34.0504 5924 hcw85cir - ok
00:55:34.0785 5924 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:55:34.0816 5924 HdAudAddService - ok
00:55:35.0050 5924 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:55:35.0066 5924 HDAudBus - ok
00:55:35.0237 5924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:55:35.0253 5924 HidBatt - ok
00:55:35.0440 5924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:55:35.0471 5924 HidBth - ok
00:55:35.0690 5924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:55:35.0721 5924 HidIr - ok
00:55:36.0049 5924 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:55:36.0095 5924 HidUsb - ok
00:55:36.0298 5924 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:55:36.0329 5924 HpSAMD - ok
00:55:36.0532 5924 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:55:36.0610 5924 HTTP - ok
00:55:37.0187 5924 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:55:37.0219 5924 hwpolicy - ok
00:55:37.0421 5924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:55:37.0453 5924 i8042prt - ok
00:55:37.0718 5924 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:55:37.0749 5924 iaStorV - ok
00:55:38.0170 5924 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120113.002\IDSvia64.sys
00:55:38.0201 5924 IDSVia64 - ok
00:55:38.0467 5924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:55:38.0498 5924 iirsp - ok
00:55:38.0716 5924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:55:38.0747 5924 intelide - ok
00:55:38.0981 5924 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:55:39.0013 5924 intelppm - ok
00:55:39.0200 5924 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:55:39.0247 5924 IpFilterDriver - ok
00:55:39.0434 5924 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:55:39.0449 5924 IPMIDRV - ok
00:55:39.0574 5924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:55:39.0652 5924 IPNAT - ok
00:55:39.0933 5924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:55:39.0964 5924 IRENUM - ok
00:55:40.0136 5924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:55:40.0167 5924 isapnp - ok
00:55:40.0339 5924 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:55:40.0354 5924 iScsiPrt - ok
00:55:40.0541 5924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:55:40.0573 5924 kbdclass - ok
00:55:40.0744 5924 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:55:40.0791 5924 kbdhid - ok
00:55:40.0916 5924 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
00:55:40.0947 5924 KSecDD - ok
00:55:41.0072 5924 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
00:55:41.0103 5924 KSecPkg - ok
00:55:41.0243 5924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:55:41.0290 5924 ksthunk - ok
00:55:41.0493 5924 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:55:41.0555 5924 lltdio - ok
00:55:41.0758 5924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:55:41.0789 5924 LSI_FC - ok
00:55:42.0023 5924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:55:42.0055 5924 LSI_SAS - ok
00:55:42.0320 5924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:55:42.0335 5924 LSI_SAS2 - ok
00:55:42.0601 5924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:55:42.0616 5924 LSI_SCSI - ok
00:55:42.0788 5924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:55:42.0850 5924 luafv - ok
00:55:43.0162 5924 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
00:55:43.0193 5924 MBAMProtector - ok
00:55:43.0381 5924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:55:43.0396 5924 megasas - ok
00:55:43.0552 5924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:55:43.0599 5924 MegaSR - ok
00:55:43.0755 5924 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:55:43.0833 5924 Modem - ok
00:55:43.0973 5924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:55:44.0020 5924 monitor - ok
00:55:44.0285 5924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:55:44.0317 5924 mouclass - ok
00:55:44.0488 5924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:55:44.0504 5924 mouhid - ok
00:55:44.0691 5924 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:55:44.0722 5924 mountmgr - ok
00:55:44.0925 5924 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:55:44.0956 5924 mpio - ok
00:55:45.0221 5924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:55:45.0284 5924 mpsdrv - ok
00:55:45.0502 5924 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:55:45.0549 5924 MRxDAV - ok
00:55:45.0689 5924 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:55:45.0736 5924 mrxsmb - ok
00:55:45.0986 5924 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:55:46.0033 5924 mrxsmb10 - ok
00:55:46.0267 5924 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:55:46.0298 5924 mrxsmb20 - ok
00:55:46.0532 5924 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:55:46.0547 5924 msahci - ok
00:55:46.0719 5924 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:55:46.0750 5924 msdsm - ok
00:55:46.0953 5924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:55:47.0015 5924 Msfs - ok
00:55:47.0343 5924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:55:47.0405 5924 mshidkmdf - ok
00:55:47.0577 5924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:55:47.0608 5924 msisadrv - ok
00:55:47.0967 5924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:55:48.0014 5924 MSKSSRV - ok
00:55:48.0201 5924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:55:48.0263 5924 MSPCLOCK - ok
00:55:48.0451 5924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:55:48.0497 5924 MSPQM - ok
00:55:48.0653 5924 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:55:48.0700 5924 MsRPC - ok
00:55:48.0872 5924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:55:48.0887 5924 mssmbios - ok
00:55:49.0137 5924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:55:49.0199 5924 MSTEE - ok
00:55:49.0449 5924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:55:49.0465 5924 MTConfig - ok
00:55:49.0714 5924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:55:49.0745 5924 Mup - ok
00:55:49.0886 5924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:55:49.0933 5924 NativeWifiP - ok
00:55:50.0120 5924 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\ENG64.SYS
00:55:50.0151 5924 NAVENG - ok
00:55:50.0385 5924 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\EX64.SYS
00:55:50.0432 5924 NAVEX15 - ok
00:55:50.0666 5924 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:55:50.0681 5924 NDIS - ok
00:55:50.0869 5924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:55:50.0931 5924 NdisCap - ok
00:55:51.0134 5924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:55:51.0181 5924 NdisTapi - ok
00:55:51.0430 5924 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:55:51.0477 5924 Ndisuio - ok
00:55:51.0649 5924 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:55:51.0680 5924 NdisWan - ok
00:55:51.0914 5924 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:55:51.0976 5924 NDProxy - ok
00:55:52.0226 5924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:55:52.0288 5924 NetBIOS - ok
00:55:52.0616 5924 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:55:52.0663 5924 NetBT - ok
00:55:53.0318 5924 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
00:55:53.0411 5924 NETw5s64 - ok
00:55:53.0786 5924 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:55:53.0879 5924 netw5v64 - ok
00:55:54.0051 5924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:55:54.0082 5924 nfrd960 - ok
00:55:54.0254 5924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:55:54.0332 5924 Npfs - ok
00:55:54.0550 5924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:55:54.0597 5924 nsiproxy - ok
00:55:54.0878 5924 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:55:54.0940 5924 Ntfs - ok
00:55:55.0159 5924 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:55:55.0221 5924 Null - ok
00:55:55.0471 5924 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:55:55.0517 5924 nvraid - ok
00:55:55.0642 5924 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:55:55.0658 5924 nvstor - ok
00:55:55.0829 5924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:55:55.0876 5924 nv_agp - ok
00:55:56.0063 5924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:55:56.0110 5924 ohci1394 - ok
00:55:56.0329 5924 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:55:56.0375 5924 Parport - ok
00:55:56.0641 5924 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:55:56.0656 5924 partmgr - ok
00:55:56.0906 5924 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:55:56.0921 5924 pci - ok
00:55:57.0180 5924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:55:57.0197 5924 pciide - ok
00:55:57.0430 5924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:55:57.0461 5924 pcmcia - ok
00:55:57.0699 5924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:55:57.0716 5924 pcw - ok
00:55:57.0967 5924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:55:58.0029 5924 PEAUTH - ok
00:55:58.0412 5924 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
00:55:58.0440 5924 Point64 - ok
00:55:58.0628 5924 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:55:58.0683 5924 PptpMiniport - ok
00:55:58.0928 5924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:55:58.0960 5924 Processor - ok
00:55:59.0179 5924 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:55:59.0244 5924 Psched - ok
00:55:59.0639 5924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:55:59.0677 5924 ql2300 - ok
00:55:59.0837 5924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:55:59.0871 5924 ql40xx - ok
00:56:00.0119 5924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:56:00.0159 5924 QWAVEdrv - ok
00:56:00.0582 5924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:56:00.0640 5924 RasAcd - ok
00:56:00.0802 5924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:56:00.0866 5924 RasAgileVpn - ok
00:56:01.0047 5924 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:56:01.0107 5924 Rasl2tp - ok
00:56:01.0298 5924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:56:01.0354 5924 RasPppoe - ok
00:56:01.0514 5924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:56:01.0559 5924 RasSstp - ok
00:56:01.0754 5924 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:56:01.0795 5924 rdbss - ok
00:56:01.0967 5924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:56:02.0012 5924 rdpbus - ok
00:56:02.0298 5924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:56:02.0352 5924 RDPCDD - ok
00:56:02.0623 5924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:56:02.0676 5924 RDPENCDD - ok
00:56:02.0857 5924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:56:02.0917 5924 RDPREFMP - ok
00:56:03.0326 5924 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:56:03.0387 5924 RDPWD - ok
00:56:03.0526 5924 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:56:03.0553 5924 rdyboost - ok
00:56:03.0802 5924 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
00:56:03.0813 5924 Revoflt - ok
00:56:04.0063 5924 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
00:56:04.0077 5924 rimspci - ok
00:56:04.0243 5924 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
00:56:04.0275 5924 rixdpcie - ok
00:56:04.0473 5924 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
00:56:04.0505 5924 RsFx0150 - ok
00:56:04.0753 5924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:56:04.0793 5924 rspndr - ok
00:56:04.0957 5924 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:56:04.0988 5924 RTL8167 - ok
00:56:05.0221 5924 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
00:56:05.0270 5924 RTL8169 - ok
00:56:05.0538 5924 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:56:05.0571 5924 sbp2port - ok
00:56:05.0999 5924 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:56:06.0057 5924 scfilter - ok
00:56:06.0346 5924 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
00:56:06.0377 5924 sdbus - ok
00:56:06.0615 5924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:56:06.0671 5924 secdrv - ok
00:56:06.0910 5924 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:56:06.0940 5924 Serenum - ok
00:56:07.0140 5924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:56:07.0175 5924 Serial - ok
00:56:07.0332 5924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:56:07.0361 5924 sermouse - ok
00:56:07.0655 5924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:56:07.0689 5924 sffdisk - ok
00:56:07.0909 5924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:56:07.0952 5924 sffp_mmc - ok
00:56:08.0145 5924 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:56:08.0175 5924 sffp_sd - ok
00:56:08.0538 5924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:56:08.0557 5924 sfloppy - ok
00:56:08.0718 5924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:56:08.0731 5924 SiSRaid2 - ok
00:56:08.0984 5924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:56:08.0998 5924 SiSRaid4 - ok
00:56:09.0175 5924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:56:09.0217 5924 Smb - ok
00:56:09.0436 5924 SMR210 (03573da7c4abcf5591ad4d8c96736b00) C:\Windows\system32\drivers\SMR210.SYS
00:56:09.0447 5924 SMR210 - ok
00:56:09.0687 5924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:56:09.0719 5924 spldr - ok
00:56:10.0081 5924 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
00:56:10.0121 5924 SRTSP - ok
00:56:10.0401 5924 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
00:56:10.0427 5924 SRTSPX - ok
00:56:10.0588 5924 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:56:10.0628 5924 srv - ok
00:56:10.0825 5924 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:56:10.0865 5924 srv2 - ok
00:56:11.0044 5924 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:56:11.0077 5924 srvnet - ok
00:56:11.0219 5924 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
00:56:11.0250 5924 ssudmdm - ok
00:56:11.0378 5924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:56:11.0405 5924 stexstor - ok
00:56:11.0547 5924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:56:11.0577 5924 swenum - ok
00:56:11.0775 5924 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
00:56:11.0801 5924 SymDS - ok
00:56:12.0116 5924 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
00:56:12.0160 5924 SymEFA - ok
00:56:12.0307 5924 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
00:56:12.0334 5924 SymEvent - ok
00:56:12.0469 5924 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\Windows\system32\DRIVERS\SymIMv.sys
00:56:12.0494 5924 SymIM - ok
00:56:12.0676 5924 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
00:56:12.0698 5924 SymIRON - ok
00:56:12.0910 5924 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
00:56:12.0938 5924 SymNetS - ok
00:56:13.0167 5924 SynTP (8df6c536ece3b538978b53c223ab905d) C:\Windows\system32\DRIVERS\SynTP.sys
00:56:13.0208 5924 SynTP - ok
00:56:13.0383 5924 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:56:13.0431 5924 Tcpip - ok
00:56:13.0594 5924 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:56:13.0645 5924 TCPIP6 - ok
00:56:13.0773 5924 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:56:13.0829 5924 tcpipreg - ok
00:56:14.0098 5924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:56:14.0158 5924 TDPIPE - ok
00:56:14.0533 5924 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:56:14.0591 5924 TDTCP - ok
00:56:14.0729 5924 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:56:14.0788 5924 tdx - ok
00:56:15.0053 5924 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:56:15.0085 5924 TermDD - ok
00:56:15.0237 5924 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
00:56:15.0261 5924 Thpevm - ok
00:56:15.0395 5924 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:56:15.0449 5924 tssecsrv - ok
00:56:15.0569 5924 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:56:15.0604 5924 TsUsbFlt - ok
00:56:15.0757 5924 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:56:15.0818 5924 tunnel - ok
00:56:16.0092 5924 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
00:56:16.0114 5924 TVALZ - ok
00:56:16.0242 5924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:56:16.0269 5924 uagp35 - ok
00:56:16.0409 5924 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:56:16.0476 5924 udfs - ok
00:56:16.0609 5924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:56:16.0641 5924 uliagpkx - ok
00:56:16.0779 5924 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:56:16.0810 5924 umbus - ok
00:56:16.0965 5924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:56:16.0992 5924 UmPass - ok
00:56:17.0193 5924 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
00:56:17.0223 5924 USBAAPL64 - ok
00:56:17.0381 5924 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:56:17.0414 5924 usbaudio - ok
00:56:17.0545 5924 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:56:17.0582 5924 usbccgp - ok
00:56:17.0705 5924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:56:17.0739 5924 usbcir - ok
00:56:17.0871 5924 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:56:17.0906 5924 usbehci - ok
00:56:18.0170 5924 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:56:18.0213 5924 usbhub - ok
00:56:18.0332 5924 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:56:18.0365 5924 usbohci - ok
00:56:18.0485 5924 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:56:18.0520 5924 usbprint - ok
00:56:18.0648 5924 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:56:18.0687 5924 USBSTOR - ok
00:56:18.0814 5924 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:56:18.0845 5924 usbuhci - ok
00:56:19.0047 5924 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
00:56:19.0075 5924 usbvideo - ok
00:56:19.0239 5924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:56:19.0267 5924 vdrvroot - ok
00:56:19.0408 5924 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:56:19.0447 5924 vga - ok
00:56:19.0683 5924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:56:19.0740 5924 VgaSave - ok
00:56:19.0818 5924 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:56:19.0855 5924 vhdmp - ok
00:56:20.0040 5924 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:56:20.0055 5924 viaide - ok
00:56:20.0204 5924 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:56:20.0231 5924 volmgr - ok
00:56:20.0367 5924 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:56:20.0406 5924 volmgrx - ok
00:56:20.0542 5924 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:56:20.0583 5924 volsnap - ok
00:56:20.0717 5924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:56:20.0752 5924 vsmraid - ok
00:56:20.0881 5924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:56:20.0917 5924 vwifibus - ok
00:56:21.0202 5924 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:56:21.0246 5924 vwififlt - ok
00:56:21.0377 5924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:56:21.0413 5924 WacomPen - ok
00:56:21.0559 5924 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:56:21.0624 5924 WANARP - ok
00:56:21.0638 5924 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:56:21.0677 5924 Wanarpv6 - ok
00:56:21.0816 5924 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:56:21.0845 5924 Wd - ok
00:56:22.0002 5924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:56:22.0036 5924 Wdf01000 - ok
00:56:22.0241 5924 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:56:22.0299 5924 WfpLwf - ok
00:56:22.0424 5924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:56:22.0449 5924 WIMMount - ok
00:56:22.0626 5924 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:56:22.0660 5924 WinUsb - ok
00:56:22.0791 5924 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:56:22.0829 5924 WmiAcpi - ok
00:56:22.0968 5924 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:56:23.0024 5924 ws2ifsl - ok
00:56:23.0265 5924 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:56:23.0332 5924 WudfPf - ok
00:56:23.0474 5924 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:56:23.0542 5924 WUDFRd - ok
00:56:23.0599 5924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:56:23.0816 5924 \Device\Harddisk0\DR0 - ok
00:56:23.0853 5924 Boot (0x1200) (0d3ad6130466749683b82dcdc4174c7a) \Device\Harddisk0\DR0\Partition0
00:56:23.0855 5924 \Device\Harddisk0\DR0\Partition0 - ok
00:56:23.0856 5924 ============================================================
00:56:23.0856 5924 Scan finished
00:56:23.0856 5924 ============================================================
00:56:23.0878 3728 Detected object count: 0
00:56:23.0879 3728 Actual detected object count: 0

i'll also work on getting the rest of the instructions done and will post as soon as i'm finished. thanks!
  • 0

#8
ericc2728
Posted 17 January 2012 - 01:29 PM

ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OTL Logs

OTL logfile created on: 1/17/2012 1:08:40 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop\geeks to go
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.54 Gb Available Physical Memory | 69.30% Memory free
15.99 Gb Paging File | 13.22 Gb Available in Paging File | 82.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 85.78 Gb Free Space | 18.89% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 21:03:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\geeks to go\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Users\Eric\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 02:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011/11/08 15:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/16 10:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2010/08/19 16:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/01/26 14:53:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 07:58:02 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/14 13:28:10 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011/04/14 13:28:08 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 02:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/12 18:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/14 16:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 13:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 10:44:45 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 10:44:45 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/31 20:37:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\EX64.SYS -- (NAVEX15)
DRV - [2011/10/31 20:37:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120116.002\ENG64.SYS -- (NAVENG)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120113.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://movedowntown...n/MyOffice.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7E A0 6E 5F 45 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/05 22:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/17 12:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 02:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/02 10:10:16 | 000,000,000 | ---D | M]

[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/06 16:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions
[2011/06/29 09:55:20 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/11/12 12:30:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/31 19:06:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2011/11/05 13:15:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2012/01/14 01:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.9_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: USA TODAY = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggljnipbdiebhbmadknfbjlhehbohbn\2.1_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.17_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Offline Google Mail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: LastPass = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.1_0\
CHR - Extension: Smooth Gestures = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_0\
CHR - Extension: Linkclump = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.0.16_0\
CHR - Extension: Copy Link Text = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdokmjpoambonhlpgcodobebebjdeil\0.5.1_0\
CHR - Extension: Poppit = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FreshStart - Cross Browser Session Manager = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb\1.5.4_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

O1 HOSTS File: ([2012/01/16 18:55:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dekisoft Monitor Off Utility] C:\Program Files (x86)\Monitor Off Utility\monoff.exe (Dekisoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://cbrmls.columb...ol/IRCSharc.cab (GeacRevw Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3315377E-1827-411A-8A89-D1292871D5AE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51398D5A-0EC7-4C59-898D-AC16AE86436F}: NameServer = 209.18.47.61,209.18.47.62
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 12:39:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 20:10:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012/01/16 20:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 20:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 20:10:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/16 20:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/16 18:55:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/16 18:51:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/16 18:39:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/16 18:39:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/16 18:39:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/16 18:39:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/16 16:57:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/16 14:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 14:35:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\geeks to go
[2012/01/13 23:24:55 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/13 20:04:49 | 000,000,000 | ---D | C] -- C:\NPE
[2012/01/13 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Temp
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/13 14:38:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/11 16:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GO Contact Sync Mod
[2012/01/11 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebGear
[2012/01/11 16:05:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/11 15:04:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\NPE
[2012/01/11 03:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\679C1
[2012/01/09 17:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/01/09 17:01:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\PDF-XChange.Viewer.Pro.v2.042.7.Multilingual.Cracked-EAT
[2012/01/09 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/09 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F5C9B070-3124-44D4-A2B0-51E843B0421E}
[2012/01/09 14:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{26F4E894-BE27-4D56-80C2-DECD41B57B7F}
[2012/01/09 01:40:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5F690E7E-FE96-4F1C-ACFC-8A2FBDDD42AD}
[2012/01/09 01:40:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2FC95A88-D39F-459B-B7F0-C58608BE1660}
[2012/01/08 13:40:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AACCF45-EC22-46EC-A236-C7D06B5C275F}
[2012/01/08 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D650295A-2195-425A-8A82-0CC902A6F37A}
[2012/01/08 01:40:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A3EF6F9B-EC64-4F35-B611-FA24D122696E}
[2012/01/08 01:40:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AECBE636-CA8D-47A8-9D8C-6A302B8981DE}
[2011/12/30 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CA8063F6-590E-4E7C-823F-2ADF139AC157}
[2011/12/30 20:07:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{43FBE04C-7767-48A2-8A58-49B05224213C}
[2011/12/29 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D35D1A2-7DDC-43A6-B5E6-A175EAB048CF}
[2011/12/29 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDF54AE7-0EA6-4018-BA9E-89E8C01066CA}
[2011/12/25 23:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/22 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DEBFC9FE-26FB-4F48-9025-399E3FD7572A}
[2011/12/22 17:29:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{59E8FE2C-1297-4A07-96D5-28457E0839AD}
[2011/12/21 23:29:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{10654CD9-E24B-415D-986D-F70F31D759E1}
[2011/12/21 23:29:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D7F844A1-9065-4A39-8718-61043782FCD7}
[2011/12/20 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CB98EDCE-D14B-44D7-BD5D-F08265D65A9F}
[2011/12/20 16:24:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{15EABF08-E920-43B8-B2D3-FE6D7783ADBC}
[2011/12/20 00:06:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Synaptics
[2011/12/20 00:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/12/20 00:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/12/20 00:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/20 00:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synaptics
[2011/12/20 00:03:23 | 000,411,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011/12/20 00:03:23 | 000,274,728 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/12/20 00:03:23 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/12/20 00:03:23 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011/12/20 00:03:22 | 001,424,944 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/12/20 00:03:22 | 000,225,576 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/12/20 00:03:22 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2011/12/20 00:03:22 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/12/19 23:38:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/18 22:31:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Skype
[2011/12/18 22:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/04/08 19:57:26 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2012/01/17 13:01:13 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 13:01:13 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 12:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/17 12:54:43 | 000,001,888 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/01/17 12:53:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/17 12:53:13 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/17 12:53:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/17 12:52:33 | 2145,898,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/17 12:39:51 | 000,255,874 | ---- | M] () -- C:\Users\Eric\Desktop\winsock2.reg
[2012/01/17 12:39:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/17 12:37:33 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/17 00:48:22 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/16 20:10:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 18:55:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/15 20:50:31 | 000,005,357 | ---- | M] () -- C:\Users\Eric\Desktop\Attach.zip
[2012/01/15 15:38:23 | 000,000,512 | ---- | M] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/01/15 13:50:24 | 000,178,645 | ---- | M] () -- C:\Users\Eric\Desktop\20120114_001915.jpg
[2012/01/14 13:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/14 01:06:16 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 19:19:22 | 000,000,149 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/01/13 18:05:50 | 000,122,616 | ---- | M] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:16:39 | 000,822,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 16:16:39 | 000,692,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/13 16:16:39 | 000,131,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 16:14:17 | 000,001,380 | ---- | M] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/11 15:29:33 | 326,268,174 | ---- | M] () -- C:\Regbackup.reg
[2012/01/11 03:30:35 | 000,002,664 | ---- | M] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/11 03:30:31 | 000,031,256 | ---- | M] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/05 16:00:16 | 001,329,952 | ---- | M] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:24 | 000,002,600 | ---- | M] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/21 15:18:41 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/12/20 19:51:14 | 000,044,713 | ---- | M] () -- C:\Users\Eric\Desktop\ABAMECTIN 1.pdf
[2011/12/20 00:04:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2012/01/17 12:54:43 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/01/17 12:39:51 | 000,255,874 | ---- | C] () -- C:\Users\Eric\Desktop\winsock2.reg
[2012/01/16 20:10:32 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 18:39:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/16 18:39:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/16 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/16 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/16 18:39:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/15 20:50:31 | 000,005,357 | ---- | C] () -- C:\Users\Eric\Desktop\Attach.zip
[2012/01/15 15:38:23 | 000,000,512 | ---- | C] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/01/15 13:47:24 | 000,178,645 | ---- | C] () -- C:\Users\Eric\Desktop\20120114_001915.jpg
[2012/01/14 01:06:15 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 18:05:49 | 000,122,616 | ---- | C] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:20:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F\isolate.ini
[2012/01/13 16:14:15 | 000,001,380 | ---- | C] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/12 22:45:11 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/01/11 15:29:10 | 326,268,174 | ---- | C] () -- C:\Regbackup.reg
[2012/01/11 03:30:31 | 000,031,256 | ---- | C] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/11 03:30:31 | 000,002,664 | ---- | C] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/05 15:55:56 | 001,329,952 | ---- | C] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:21 | 000,002,600 | ---- | C] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:17 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/20 19:51:14 | 000,044,713 | ---- | C] () -- C:\Users\Eric\Desktop\ABAMECTIN 1.pdf
[2011/12/20 00:04:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/12/20 00:03:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/13 22:00:15 | 000,231,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/08/11 18:59:22 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/12 15:25:44 | 000,797,020 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\ericc2728.zip
[2011/05/03 10:48:36 | 000,000,320 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SEC540722.trad
[2011/05/03 10:48:24 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2011/03/24 12:38:31 | 000,000,341 | ---- | C] () -- C:\Windows\BCLWDDE.INI
[2011/03/12 15:22:21 | 000,010,240 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 13:22:51 | 000,001,465 | ---- | C] () -- C:\Windows\pcforms.ini
[2011/02/02 14:53:41 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/01 18:03:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/01 17:32:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/28 14:34:08 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/27 16:49:45 | 000,037,843 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/27 15:08:04 | 000,000,149 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/26 15:04:13 | 000,000,410 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/25 22:37:48 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/25 20:03:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/25 16:50:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2011/01/25 13:36:46 | 000,000,017 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2011/01/25 03:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/29 01:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/30 20:26:00 | 000,365,568 | ---- | C] () -- C:\Windows\SysWow64\WINCTL32.DLL
[2010/06/30 20:26:00 | 000,055,808 | ---- | C] () -- C:\Windows\ICE_JNIRegistry.dll
[2010/06/30 20:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Simspy32.dll
[2010/06/30 20:26:00 | 000,032,768 | ---- | C] () -- C:\Windows\Java2INI.dll
[2010/06/23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/15 04:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/13 15:58:21 | 000,000,008 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\missouri.dll
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2003/02/28 15:51:00 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\easysoap.dll
[2003/01/28 02:09:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

========== LOP Check ==========

[2011/07/23 10:20:30 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Actual Tools
[2011/12/23 12:57:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity
[2011/10/28 10:07:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\calibre
[2011/06/23 12:06:56 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CatenaLogic
[2012/01/09 16:01:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CrashPlan
[2012/01/10 23:36:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2012/01/15 13:47:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FileZilla
[2011/11/26 21:51:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Genie-Soft
[2011/05/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GlarySoft
[2011/07/20 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GoContactSyncMOD
[2011/02/13 18:49:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Guitar Pro 6
[2011/08/25 16:10:37 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Jason Robitaille
[2011/09/26 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\KompoZer
[2011/01/26 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Maximizer
[2011/01/25 15:06:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PowerCinema
[2011/01/26 00:12:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\RoboForm
[2011/11/06 15:52:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Samsung
[2011/12/19 23:45:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Soocial
[2011/02/16 15:25:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SoocialInstallationLogs
[2011/12/20 00:06:57 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Synaptics
[2012/01/13 01:11:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TeamViewer
[2011/02/03 17:01:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Tific
[2011/08/04 10:49:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Titanium
[2011/04/29 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Tracker Software
[2011/05/03 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TradeStation Technologies
[2011/07/06 15:30:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/01/25 16:43:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ulead Systems
[2012/01/16 01:20:32 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2011/10/13 12:01:30 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\webex
[2011/01/28 20:19:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Win7codecs
[2011/01/25 20:16:26 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\WinBatch
[2011/05/30 14:52:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Windows Live Writer
[2012/01/14 13:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/17 12:37:33 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/17 12:53:13 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/01/13 16:49:22 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\Windows:

< End of report >


OTL Extras logfile created on: 1/16/2012 9:04:56 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.18 Gb Available Physical Memory | 64.75% Memory free
15.99 Gb Paging File | 12.87 Gb Available in Paging File | 80.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 76.55 Gb Free Space | 16.86% Space Free | Partition Type: NTFS
Drive Y: | 74.52 Gb Total Space | 40.34 Gb Free Space | 54.14% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{190A60F1-2FEE-0A11-7D37-D8607809CC39}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{3EE30764-A4C2-4371-8EC5-61418CF6271B}" = Air Display Support
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5B7A62FB-E8EA-974A-DB49-4000AA3AE422}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FAF63FF7-1DB6-44D4-91C3-E9422166E8F9}" = CrashPlan
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Unlocker" = Unlocker 1.9.0-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{06223EA1-8977-4A44-B2AB-30FD78B7DCC1}" = CCC Help Thai
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{091FACEE-A240-42D4-AD71-26E8DFB38F43}" = GO Contact Sync Mod
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF37D58-38A8-E03F-8DD8-B01B55C09615}" = CCC Help English
"{0FAFE712-DF6D-455C-9016-861A0CDC1E1D}" = pcFORMation 5.3.6 Install
"{10F0131F-1CA2-4433-8473-7C890C769581}_is1" = Monitor Off Utility 1.0
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A233009-8656-471D-BD30-DB22BA4F15C4}" = Maximizer CRM 11 Service Release 2
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{27349465-3521-8214-5311-286D806C86C3}" = CCC Help Dutch
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{32762866-8C6E-437E-1E79-4506FEB7323A}" = Catalyst Control Center Graphics Full Existing
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CAF2B2D-0DA3-7BD6-6701-E3D71992DB78}" = Catalyst Control Center Localization All
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{4590D323-F7A7-4FD0-B133-956B40FFDD43}" = Xmarks for IE
"{4786E500-4FA0-C30F-D4E8-0E3D70D86227}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{4F147AEF-790D-DBE2-5830-94D90C02AC24}" = Catalyst Control Center Graphics Full New
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{576C2EBB-1476-4F43-86FC-E2517075C750}" = TD AMERITRADE StrategyDesk 3.4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5985DD7D-67F4-DD15-8589-B3F43C4A111D}" = CCC Help Chinese Traditional
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D264375-3E92-7D10-F219-3536F5BAE7BA}" = CCC Help Japanese
"{5F98C4EE-879F-232C-3F44-0BBFAB6A29D4}" = CCC Help Polish
"{61F8A9EC-5CB4-0001-FF88-C469156BA14C}" = CCC Help German
"{64619D4F-9F26-7385-13CD-CF437EB1B778}" = Maximizer CRM Help
"{67830C2E-0345-7CE7-3829-8AB3D34E3AEB}" = CCC Help Turkish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9B4C2D-E651-6DD7-EC1D-AF331F250AB8}" = ccc-core-static
"{6DEEDB89-D449-B985-4E0E-91D45AF66DFF}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7513A376-16F0-7E53-5CA1-7DA10A6216BC}" = CCC Help Danish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{811EF3A7-0861-0B8F-5432-3052E8230DC0}" = Catalyst Control Center Graphics Light
"{8259E348-50E8-A3C8-52B8-699DFDD31BA8}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85E4952C-8C85-A58D-B9D9-783D1FADB775}" = Skins
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8921F4ED-A696-D629-45E6-45A43A0F4FF0}" = CCC Help Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{98C70B57-4930-7088-22F4-93FC196938D0}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EB46CEF-A947-44B8-95B5-BDF19B761590}" = ProfiDing
"{A373F67B-8305-4CE0-AA04-59E3FAED7693}" = pcFORMation 5.3.1 Real Estate Forms Demo
"{A6137721-B2D0-1DAF-0B19-12AB0D065C45}" = Catalyst Control Center Core Implementation
"{A6CB7126-16B0-6D09-4D46-FA6E2A3D135A}" = MaxExchange Remote Help
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC1A4255-0EC8-585B-2D1A-8306C07F2B91}" = CCC Help Hungarian
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AEE65D6C-EDF4-B3E1-00CD-B17A6FC6BC6A}" = CCC Help Italian
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9F119C0-6886-A250-BF18-3ABEAA26F6A5}" = CCC Help Korean
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7CA3155-780B-A582-81EC-4E803375E151}" = Maximizer CRM Administrator Help
"{C8C415A8-E930-4227-9AFA-F64618025E7E}" = Maximizer CRM 11
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB64C016-1705-36E9-1AEA-C2D4738BDE9A}" = CCC Help Norwegian
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DE2E45A2-31B1-7D26-2701-B1244763DE10}" = CCC Help Portuguese
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E16087F4-3CE3-B644-A5F5-503F55F34CC0}" = CCC Help Russian
"{E4FD13E2-1638-A5B8-E28A-54D39F13D747}" = Catalyst Control Center Graphics Previews Vista
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E4A500-34B5-E8B7-FC2C-3726A0577AAD}" = CCC Help French
"{F34009E9-6EA5-F0D2-4D7D-A9CE421908B6}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.5
"BSPlayerf" = BS.Player FREE
"FileZilla Client" = FileZilla Client 3.5.2
"Glary Utilities_is1" = Glary Utilities 2.37.0.1260
"Google Calendar Sync" = Google Calendar Sync
"GuitarSpeedTrainer_is1" = GST 2.3.8.4
"InstallShield_{1A233009-8656-471D-BD30-DB22BA4F15C4}" = Maximizer CRM 11 Service Release 2
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Maximizer CRM 11_{C8C415A8-E930-4227-9AFA-F64618025E7E}" = Maximizer CRM 11 Group Edition Workstation
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Rename Master_is1" = Rename Master
"Simpli Software's Places Utility_is1" = Simpli Software's Places Utility v1.0
"Tag&Rename_is1" = Tag&Rename 3.5
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"thinkorswim" = thinkorswim
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SugarSync" = SugarSync Manager

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

View.exe logs
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/01/2012 2:21:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2012 6:24:51 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 17/01/2012 6:23:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SQL Server (MAXIMIZER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 17/01/2012 6:23:50 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MAXIMIZER) service to connect.

Log: 'System' Date/Time: 17/01/2012 6:23:18 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Rescue (28ec28fe-b6a0-41cf-875f-97e948bf15af) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/01/2012 6:23:18 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Rescue (261da54f-1e37-4813-8d88-0419630b1c3d) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/01/2012 6:23:18 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Rescue (0fe6e286-2520-4db5-80eb-6fd4c551264d) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/01/2012 6:23:17 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 17/01/2012 6:23:09 PM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 17/01/2012 6:23:09 PM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

Log: 'System' Date/Time: 17/01/2012 6:23:08 PM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 17/01/2012 6:23:08 PM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2012 6:21:57 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/01/2012 2:23:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2012 6:24:51 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 17/01/2012 6:23:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SQL Server (MAXIMIZER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 17/01/2012 6:23:50 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MAXIMIZER) service to connect.

Log: 'System' Date/Time: 17/01/2012 6:23:18 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Rescue (28ec28fe-b6a0-41cf-875f-97e948bf15af) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/01/2012 6:23:18 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Rescue (261da54f-1e37-4813-8d88-0419630b1c3d) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/01/2012 6:23:18 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Rescue (0fe6e286-2520-4db5-80eb-6fd4c551264d) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/01/2012 6:23:17 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 17/01/2012 6:23:09 PM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 17/01/2012 6:23:09 PM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

Log: 'System' Date/Time: 17/01/2012 6:23:08 PM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 17/01/2012 6:23:08 PM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2012 6:21:57 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0

#9
RKinner
Posted 17 January 2012 - 02:35 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
We got all but one of the O10 entries that say no file to go away. Let's see if we can get the last one:


Copy the text in the code box by highlighting and Ctrl + c 


:OTL
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    
:Commands
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


I don't see the Application log from VEW. You got the System log twice.


These three services are not happy for some reason. If you don't use them then:

Right click on Computer and Select Manage then Services and Applications then Services. Find each
and right click on the service and select Properties then change the Startup Type: to Disabled and Apply. OK.

SQL Server (MAXIMIZER)
LogMeIn Rescue
Computer Browser

If you do use them you need to reinstall LogMeIn or SQL Server. Computer Browser is not really important so you can just turn it off.

You are getting a lot of atikmdag errors so you probably need a new video/graphics driver. Check on your PC maker's website and see if they have a new one.

Ron
  • 0

#10
ericc2728
Posted 17 January 2012 - 04:24 PM

ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
after running that last command i can't get online. should i try that winsock2.reg fix? also tried to run the vino event viewer and i'm getting an automation error, invalid access to memory location
  • 0

Advertisements

#11
RKinner
Posted 17 January 2012 - 05:50 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You can right click on winsock2.reg and MERGE. It should take us back to where we were before we ran the OTL and netsh.
  • 0

#12
ericc2728
Posted 17 January 2012 - 11:04 PM

ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ok that worked, back on line

here is the vew application log


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/01/2012 12:02:44 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/01/2012 4:29:44 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 18/01/2012 4:28:46 AM
Type: Error Category: 0
Event: 4107 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 18/01/2012 4:23:32 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 18/01/2012 4:23:24 AM
Type: Error Category: 0
Event: 4107 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 18/01/2012 4:23:08 AM
Type: Error Category: 0
Event: 10 Source: SQLBrowser
The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Log: 'Application' Date/Time: 18/01/2012 4:23:08 AM
Type: Error Category: 0
Event: 11 Source: SQLBrowser
The SQLBrowser service encountered a critical failure.

Log: 'Application' Date/Time: 18/01/2012 2:25:52 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 18/01/2012 2:25:45 AM
Type: Error Category: 0
Event: 4107 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 18/01/2012 2:25:27 AM
Type: Error Category: 0
Event: 10 Source: SQLBrowser
The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Log: 'Application' Date/Time: 18/01/2012 2:25:27 AM
Type: Error Category: 0
Event: 11 Source: SQLBrowser
The SQLBrowser service encountered a critical failure.

Log: 'Application' Date/Time: 17/01/2012 10:11:55 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/01/2012 10:11:16 PM
Type: Error Category: 0
Event: 4107 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 17/01/2012 10:10:56 PM
Type: Error Category: 0
Event: 10 Source: SQLBrowser
The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Log: 'Application' Date/Time: 17/01/2012 10:10:56 PM
Type: Error Category: 0
Event: 11 Source: SQLBrowser
The SQLBrowser service encountered a critical failure.

Log: 'Application' Date/Time: 17/01/2012 6:54:23 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 16.0.912.75 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c4c Start Time: 01ccd547be1d250b Termination Time: 15 Application Path: C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe Report Id: a7af3d28-413c-11e1-9a51-001e33cc9aa7

Log: 'Application' Date/Time: 17/01/2012 6:24:43 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/01/2012 6:24:07 PM
Type: Error Category: 0
Event: 4107 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 17/01/2012 5:54:31 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/01/2012 5:53:46 PM
Type: Error Category: 0
Event: 4107 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 17/01/2012 5:45:03 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/01/2012 4:27:06 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1948204673-1780984394-1029538037-1000:
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\My
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 18/01/2012 2:22:42 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1948204673-1780984394-1029538037-1000:
Process 548 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 548 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 548 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\My
Process 548 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 548 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 17/01/2012 5:51:15 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1948204673-1780984394-1029538037-1000:
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\My
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 17/01/2012 5:41:52 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1948204673-1780984394-1029538037-1000:
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\My
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 17/01/2012 3:06:00 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1948204673-1780984394-1029538037-1000:
Process 564 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 564 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 564 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\My
Process 564 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 564 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 16/01/2012 11:51:56 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1948204673-1780984394-1029538037-1000:
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\My
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 16/01/2012 11:51:56 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 11:51:56 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 10:17:39 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 10:11:29 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 10:11:29 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 10:01:39 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 9:57:24 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1948204673-1780984394-1029538037-1000:
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\My
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 16/01/2012 9:57:24 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 9:57:23 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 7:19:32 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 6:20:33 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1948204673-1780984394-1029538037-1000:
Process 492 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 492 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000
Process 492 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\My
Process 492 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 492 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1948204673-1780984394-1029538037-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 16/01/2012 6:20:33 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 6:20:32 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 16/01/2012 5:24:57 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
  • 0

#13
RKinner
Posted 17 January 2012 - 11:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

netsh  winsock  reset  catalog



Reboot. See if you can still get on line. If not you can right click on winsock2.reg and select Merge then reboot and it should get you back on line. If that doesn't help you can always do a System Restore to the last restore point. If you are able to get on line you can delete the winsock2.reg file.


Copy the text in the code box:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll
nwprovau.dll 
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#14
ericc2728
Posted 18 January 2012 - 04:21 PM

ericc2728

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
getting online wasn't a problem after that last command prompt command

here are logs


OTL logfile created on: 18/01/2012 4:33:14 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop\geeks to go
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.44 Gb Available Physical Memory | 67.97% Memory free
15.99 Gb Paging File | 13.15 Gb Available in Paging File | 82.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 85.28 Gb Free Space | 18.78% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 21:03:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\geeks to go\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 06:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 06:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Users\Eric\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/11/20 13:39:45 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Eric\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/03/16 10:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 02:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011/11/08 15:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/16 10:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2010/08/19 16:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/06 19:12:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/10 19:47:12 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/01/26 14:53:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 07:58:02 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/14 13:28:10 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011/04/14 13:28:08 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 02:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/12 18:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/14 16:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 13:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 10:44:45 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 10:44:45 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/31 20:37:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120117.003\EX64.SYS -- (NAVEX15)
DRV - [2011/10/31 20:37:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120117.003\ENG64.SYS -- (NAVENG)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120114.005\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://movedowntown...n/MyOffice.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7E A0 6E 5F 45 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/05 22:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/18 12:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 02:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/02 10:10:16 | 000,000,000 | ---D | M]

[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/06/03 16:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/06 16:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions
[2011/06/29 09:55:20 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/11/12 12:30:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/31 19:06:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2011/11/05 13:15:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\agrx8nd2.default\extensions\[email protected]
[2012/01/14 01:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.9_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: USA TODAY = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggljnipbdiebhbmadknfbjlhehbohbn\2.1_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.17_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Offline Google Mail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: LastPass = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.1_0\
CHR - Extension: Smooth Gestures = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_0\
CHR - Extension: Linkclump = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.0.16_0\
CHR - Extension: Copy Link Text = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdokmjpoambonhlpgcodobebebjdeil\0.5.1_0\
CHR - Extension: Poppit = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FreshStart - Cross Browser Session Manager = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb\1.5.4_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

O1 HOSTS File: ([2012/01/16 18:55:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dekisoft Monitor Off Utility] C:\Program Files (x86)\Monitor Off Utility\monoff.exe (Dekisoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://cbrmls.columb...ol/IRCSharc.cab (GeacRevw Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3315377E-1827-411A-8A89-D1292871D5AE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51398D5A-0EC7-4C59-898D-AC16AE86436F}: NameServer = 209.18.47.61,209.18.47.62
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\vio\dvacm.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - mpegacm.acm File not found
Drivers32: msacm.ulmp3acm - ulmp3acm.acm File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 12:39:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 20:10:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012/01/16 20:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 20:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 20:10:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/16 20:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/16 18:55:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/16 18:51:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/16 18:39:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/16 18:39:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/16 18:39:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/16 18:39:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/16 16:57:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/16 14:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 14:35:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\geeks to go
[2012/01/13 23:24:55 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/13 20:04:49 | 000,000,000 | ---D | C] -- C:\NPE
[2012/01/13 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Temp
[2012/01/13 16:21:42 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/01/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/01/13 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/13 14:38:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/11 16:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GO Contact Sync Mod
[2012/01/11 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebGear
[2012/01/11 15:04:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\NPE
[2012/01/11 03:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\679C1
[2012/01/11 02:56:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 02:56:37 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 02:56:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 02:56:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 02:56:35 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 02:56:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 02:56:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/09 17:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/01/09 17:01:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\PDF-XChange.Viewer.Pro.v2.042.7.Multilingual.Cracked-EAT
[2012/01/09 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/09 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F5C9B070-3124-44D4-A2B0-51E843B0421E}
[2012/01/09 14:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{26F4E894-BE27-4D56-80C2-DECD41B57B7F}
[2012/01/09 01:40:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5F690E7E-FE96-4F1C-ACFC-8A2FBDDD42AD}
[2012/01/09 01:40:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2FC95A88-D39F-459B-B7F0-C58608BE1660}
[2012/01/08 13:40:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AACCF45-EC22-46EC-A236-C7D06B5C275F}
[2012/01/08 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D650295A-2195-425A-8A82-0CC902A6F37A}
[2012/01/08 01:40:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A3EF6F9B-EC64-4F35-B611-FA24D122696E}
[2012/01/08 01:40:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AECBE636-CA8D-47A8-9D8C-6A302B8981DE}
[2011/12/30 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CA8063F6-590E-4E7C-823F-2ADF139AC157}
[2011/12/30 20:07:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{43FBE04C-7767-48A2-8A58-49B05224213C}
[2011/12/29 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D35D1A2-7DDC-43A6-B5E6-A175EAB048CF}
[2011/12/29 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDF54AE7-0EA6-4018-BA9E-89E8C01066CA}
[2011/12/25 23:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/25 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/22 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DEBFC9FE-26FB-4F48-9025-399E3FD7572A}
[2011/12/22 17:29:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{59E8FE2C-1297-4A07-96D5-28457E0839AD}
[2011/12/21 23:29:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{10654CD9-E24B-415D-986D-F70F31D759E1}
[2011/12/21 23:29:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D7F844A1-9065-4A39-8718-61043782FCD7}
[2011/12/20 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CB98EDCE-D14B-44D7-BD5D-F08265D65A9F}
[2011/12/20 16:24:55 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{15EABF08-E920-43B8-B2D3-FE6D7783ADBC}
[2011/12/20 00:06:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Synaptics
[2011/12/20 00:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/12/20 00:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/12/20 00:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/20 00:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synaptics
[2011/12/20 00:03:23 | 000,411,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011/12/20 00:03:23 | 000,274,728 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/12/20 00:03:23 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/12/20 00:03:23 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011/12/20 00:03:22 | 001,424,944 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/12/20 00:03:22 | 000,225,576 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/12/20 00:03:22 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2011/12/20 00:03:22 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/12/19 23:38:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/04/08 19:57:26 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2012/01/18 16:44:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/18 16:39:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000UA.job
[2012/01/18 16:37:15 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/18 16:30:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/18 16:30:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/18 13:00:28 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 13:00:28 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 12:53:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/18 12:53:12 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/18 12:52:41 | 2145,898,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/17 12:54:43 | 000,001,888 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/01/17 12:39:51 | 000,255,874 | ---- | M] () -- C:\Users\Eric\Desktop\winsock2.reg
[2012/01/17 00:48:22 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948204673-1780984394-1029538037-1000Core.job
[2012/01/16 20:10:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 18:55:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/15 20:50:31 | 000,005,357 | ---- | M] () -- C:\Users\Eric\Desktop\Attach.zip
[2012/01/15 15:38:23 | 000,000,512 | ---- | M] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/01/15 13:50:24 | 000,178,645 | ---- | M] () -- C:\Users\Eric\Desktop\20120114_001915.jpg
[2012/01/14 01:06:16 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 19:19:22 | 000,000,149 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/01/13 18:05:50 | 000,122,616 | ---- | M] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:16:39 | 000,822,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 16:16:39 | 000,692,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/13 16:16:39 | 000,131,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 16:14:17 | 000,001,380 | ---- | M] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/13 14:38:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/11 17:38:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/11 15:29:33 | 326,268,174 | ---- | M] () -- C:\Regbackup.reg
[2012/01/11 03:30:35 | 000,002,664 | ---- | M] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/11 03:30:31 | 000,031,256 | ---- | M] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/05 16:00:16 | 001,329,952 | ---- | M] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:24 | 000,002,600 | ---- | M] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/21 15:18:41 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/12/20 19:51:14 | 000,044,713 | ---- | M] () -- C:\Users\Eric\Desktop\ABAMECTIN 1.pdf
[2011/12/20 00:04:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2012/01/17 12:54:43 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/01/17 12:39:51 | 000,255,874 | ---- | C] () -- C:\Users\Eric\Desktop\winsock2.reg
[2012/01/16 20:10:32 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 18:39:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/16 18:39:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/16 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/16 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/16 18:39:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/15 20:50:31 | 000,005,357 | ---- | C] () -- C:\Users\Eric\Desktop\Attach.zip
[2012/01/15 15:38:23 | 000,000,512 | ---- | C] () -- C:\Users\Eric\Desktop\MBR.dat
[2012/01/15 13:47:24 | 000,178,645 | ---- | C] () -- C:\Users\Eric\Desktop\20120114_001915.jpg
[2012/01/14 01:06:15 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 18:05:49 | 000,122,616 | ---- | C] () -- C:\Users\Eric\Desktop\BFE.reg
[2012/01/13 16:21:35 | 000,001,544 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2012/01/13 16:20:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0401000.00F\isolate.ini
[2012/01/13 16:14:15 | 000,001,380 | ---- | C] () -- C:\Users\Eric\Desktop\Norton Installation Files.lnk
[2012/01/13 14:41:22 | 000,000,777 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SMRBackup210.dat
[2012/01/12 22:45:11 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/01/11 15:29:10 | 326,268,174 | ---- | C] () -- C:\Regbackup.reg
[2012/01/11 03:30:31 | 000,031,256 | ---- | C] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2012/01/11 03:30:31 | 000,002,664 | ---- | C] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}
[2012/01/05 15:55:56 | 001,329,952 | ---- | C] () -- C:\Users\Eric\Desktop\Average_Joes_To_Go_FA12.pdf
[2011/12/29 20:49:21 | 000,002,600 | ---- | C] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2011/12/25 23:00:17 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/20 19:51:14 | 000,044,713 | ---- | C] () -- C:\Users\Eric\Desktop\ABAMECTIN 1.pdf
[2011/12/20 00:04:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/12/20 00:03:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/13 22:00:15 | 000,231,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/08/11 18:59:22 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/12 15:25:44 | 000,797,020 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\ericc2728.zip
[2011/05/03 10:48:36 | 000,000,320 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\SEC540722.trad
[2011/05/03 10:48:24 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2011/03/24 12:38:31 | 000,000,341 | ---- | C] () -- C:\Windows\BCLWDDE.INI
[2011/03/12 15:22:21 | 000,010,240 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 13:22:51 | 000,001,465 | ---- | C] () -- C:\Windows\pcforms.ini
[2011/02/02 14:53:41 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/01 18:03:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/01 17:32:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/28 14:34:08 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/27 16:49:45 | 000,037,843 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/27 15:08:04 | 000,000,149 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/26 15:04:13 | 000,000,410 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/25 22:37:48 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/25 20:03:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/25 16:50:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2011/01/25 13:36:46 | 000,000,017 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2011/01/25 03:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/29 01:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/30 20:26:00 | 000,365,568 | ---- | C] () -- C:\Windows\SysWow64\WINCTL32.DLL
[2010/06/30 20:26:00 | 000,055,808 | ---- | C] () -- C:\Windows\ICE_JNIRegistry.dll
[2010/06/30 20:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Simspy32.dll
[2010/06/30 20:26:00 | 000,032,768 | ---- | C] () -- C:\Windows\Java2INI.dll
[2010/06/23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/15 04:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/13 15:58:21 | 000,000,008 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\missouri.dll
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2003/02/28 15:51:00 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\easysoap.dll
[2003/01/28 02:09:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/06/20 14:47:12 | 000,000,124 | ---- | M] () -- C:\aso.err
[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/01/25 22:59:24 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/01/16 19:04:00 | 000,070,567 | ---- | M] () -- C:\ComboFix.txt
[2012/01/18 12:52:41 | 2145,898,495 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 15:05:00 | 000,009,213 | ---- | M] () -- C:\java_log.txt
[2011/01/25 03:11:27 | 000,000,527 | -H-- | M] () -- C:\log.txt
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/01/18 12:52:48 | 4292,853,759 | -HS- | M] () -- C:\pagefile.sys
[2012/01/11 15:29:33 | 326,268,174 | ---- | M] () -- C:\Regbackup.reg
[2012/01/17 12:36:58 | 000,082,162 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_17.01.2012_00.55.08_log.txt
[2009/07/22 13:19:38 | 021,802,645 | ---- | M] () -- C:\Toshiba Registry Backup.cab
[2012/01/18 00:03:38 | 000,021,120 | ---- | M] () -- C:\VEW.txt
[2012/01/11 03:30:31 | 000,031,256 | ---- | M] () -- C:\{27665EE5-2AC5-443B-9FFE-7F6BCDEA2273}
[2011/03/26 12:32:11 | 000,002,576 | ---- | M] () -- C:\{4715E4A3-819C-4FDD-A2AB-6AE16D880E6D}
[2011/12/29 20:49:24 | 000,002,600 | ---- | M] () -- C:\{66706779-3150-4686-8960-64808F6A89F3}
[2012/01/11 03:30:35 | 000,002,664 | ---- | M] () -- C:\{BA1E3C8B-3DD8-46EB-A96F-84A5AC9FAA45}

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: BEEP.SYS >
[2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CONNECT.DLL >
[2009/07/13 20:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\SysWOW64\connect.dll
[2009/07/13 20:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.1.7600.16385_none_64e4e40af80e0f24\connect.dll
[2009/07/13 20:40:23 | 001,393,152 | ---- | M] (Microsoft Corporation) MD5=ECE81C30343DC8A1FADA4BF1437F7ED1 -- C:\Windows\SysNative\connect.dll
[2009/07/13 20:40:23 | 001,393,152 | ---- | M] (Microsoft Corporation) MD5=ECE81C30343DC8A1FADA4BF1437F7ED1 -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.1.7600.16385_none_c1037f8eb06b805a\connect.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2010/11/20 08:27:22 | 000,519,680 | ---- | M] (Microsoft Corporation) MD5=03706015DB44368375AEBE6339490E66 -- C:\Windows\SysNative\netcfgx.dll
[2010/11/20 08:27:22 | 000,519,680 | ---- | M] (Microsoft Corporation) MD5=03706015DB44368375AEBE6339490E66 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_9c3aecd33c2750cf\netcfgx.dll
[2010/11/20 07:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\SysWOW64\netcfgx.dll
[2010/11/20 07:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_401c514f83c9df99\netcfgx.dll
[2009/07/13 20:41:52 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=8F6D9A20F1FB06F0602A7D5A82840DBF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7600.16385_none_9a09d90b3f38cd35\netcfgx.dll
[2009/07/13 20:16:02 | 000,403,456 | ---- | M] (Microsoft Corporation) MD5=C5B5CCDBF8ED1475240313ED88234E3F -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7600.16385_none_3deb3d8786db5bff\netcfgx.dll

< MD5 for: NETMAN.DLL >
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\ERDNT\cache64\netman.dll
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: NETSHELL.DLL >
[2009/07/13 20:41:52 | 002,651,136 | ---- | M] (Microsoft Corporation) MD5=66920354B984D4A3848A84B4E66745EA -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7600.16385_none_31785c7a27bbcfd4\netshell.dll
[2010/11/20 08:27:22 | 002,652,160 | ---- | M] (Microsoft Corporation) MD5=A42F2C1EB3B66C54FB3C7B79D30C1A6D -- C:\Windows\SysNative\netshell.dll
[2010/11/20 08:27:22 | 002,652,160 | ---- | M] (Microsoft Corporation) MD5=A42F2C1EB3B66C54FB3C7B79D30C1A6D -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_33a9704224aa536e\netshell.dll
[2010/11/20 07:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\SysWOW64\netshell.dll
[2010/11/20 07:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_d78ad4be6c4ce238\netshell.dll
[2009/07/13 20:16:03 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=F7611E0F05B4EB272102CA9883CA98A7 -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7600.16385_none_d559c0f66f5e5e9e\netshell.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\Windows:

< End of report >


OTL Extras logfile created on: 18/01/2012 4:33:14 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop\geeks to go
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.44 Gb Available Physical Memory | 67.97% Memory free
15.99 Gb Paging File | 13.15 Gb Available in Paging File | 82.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.05 Gb Total Space | 85.28 Gb Free Space | 18.78% Space Free | Partition Type: NTFS

Computer Name: ERIC-LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{190A60F1-2FEE-0A11-7D37-D8607809CC39}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{3EE30764-A4C2-4371-8EC5-61418CF6271B}" = Air Display Support
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5B7A62FB-E8EA-974A-DB49-4000AA3AE422}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FAF63FF7-1DB6-44D4-91C3-E9422166E8F9}" = CrashPlan
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Unlocker" = Unlocker 1.9.0-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{06223EA1-8977-4A44-B2AB-30FD78B7DCC1}" = CCC Help Thai
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{091FACEE-A240-42D4-AD71-26E8DFB38F43}" = GO Contact Sync Mod
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF37D58-38A8-E03F-8DD8-B01B55C09615}" = CCC Help English
"{0FAFE712-DF6D-455C-9016-861A0CDC1E1D}" = pcFORMation 5.3.6 Install
"{10F0131F-1CA2-4433-8473-7C890C769581}_is1" = Monitor Off Utility 1.0
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A233009-8656-471D-BD30-DB22BA4F15C4}" = Maximizer CRM 11 Service Release 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{27349465-3521-8214-5311-286D806C86C3}" = CCC Help Dutch
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{32762866-8C6E-437E-1E79-4506FEB7323A}" = Catalyst Control Center Graphics Full Existing
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CAF2B2D-0DA3-7BD6-6701-E3D71992DB78}" = Catalyst Control Center Localization All
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{4590D323-F7A7-4FD0-B133-956B40FFDD43}" = Xmarks for IE
"{4786E500-4FA0-C30F-D4E8-0E3D70D86227}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{4F147AEF-790D-DBE2-5830-94D90C02AC24}" = Catalyst Control Center Graphics Full New
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{576C2EBB-1476-4F43-86FC-E2517075C750}" = TD AMERITRADE StrategyDesk 3.4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5985DD7D-67F4-DD15-8589-B3F43C4A111D}" = CCC Help Chinese Traditional
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D264375-3E92-7D10-F219-3536F5BAE7BA}" = CCC Help Japanese
"{5F98C4EE-879F-232C-3F44-0BBFAB6A29D4}" = CCC Help Polish
"{61F8A9EC-5CB4-0001-FF88-C469156BA14C}" = CCC Help German
"{64619D4F-9F26-7385-13CD-CF437EB1B778}" = Maximizer CRM Help
"{67830C2E-0345-7CE7-3829-8AB3D34E3AEB}" = CCC Help Turkish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9B4C2D-E651-6DD7-EC1D-AF331F250AB8}" = ccc-core-static
"{6DEEDB89-D449-B985-4E0E-91D45AF66DFF}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7513A376-16F0-7E53-5CA1-7DA10A6216BC}" = CCC Help Danish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{811EF3A7-0861-0B8F-5432-3052E8230DC0}" = Catalyst Control Center Graphics Light
"{8259E348-50E8-A3C8-52B8-699DFDD31BA8}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85E4952C-8C85-A58D-B9D9-783D1FADB775}" = Skins
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8921F4ED-A696-D629-45E6-45A43A0F4FF0}" = CCC Help Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{98C70B57-4930-7088-22F4-93FC196938D0}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EB46CEF-A947-44B8-95B5-BDF19B761590}" = ProfiDing
"{A373F67B-8305-4CE0-AA04-59E3FAED7693}" = pcFORMation 5.3.1 Real Estate Forms Demo
"{A6137721-B2D0-1DAF-0B19-12AB0D065C45}" = Catalyst Control Center Core Implementation
"{A6CB7126-16B0-6D09-4D46-FA6E2A3D135A}" = MaxExchange Remote Help
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC1A4255-0EC8-585B-2D1A-8306C07F2B91}" = CCC Help Hungarian
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AEE65D6C-EDF4-B3E1-00CD-B17A6FC6BC6A}" = CCC Help Italian
"{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9F119C0-6886-A250-BF18-3ABEAA26F6A5}" = CCC Help Korean
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7CA3155-780B-A582-81EC-4E803375E151}" = Maximizer CRM Administrator Help
"{C8C415A8-E930-4227-9AFA-F64618025E7E}" = Maximizer CRM 11
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB64C016-1705-36E9-1AEA-C2D4738BDE9A}" = CCC Help Norwegian
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DE2E45A2-31B1-7D26-2701-B1244763DE10}" = CCC Help Portuguese
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E16087F4-3CE3-B644-A5F5-503F55F34CC0}" = CCC Help Russian
"{E4FD13E2-1638-A5B8-E28A-54D39F13D747}" = Catalyst Control Center Graphics Previews Vista
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E4A500-34B5-E8B7-FC2C-3726A0577AAD}" = CCC Help French
"{F34009E9-6EA5-F0D2-4D7D-A9CE421908B6}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.5
"BSPlayerf" = BS.Player FREE
"FileZilla Client" = FileZilla Client 3.5.2
"Glary Utilities_is1" = Glary Utilities 2.37.0.1260
"Google Calendar Sync" = Google Calendar Sync
"GuitarSpeedTrainer_is1" = GST 2.3.8.4
"InstallShield_{1A233009-8656-471D-BD30-DB22BA4F15C4}" = Maximizer CRM 11 Service Release 2
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Maximizer CRM 11_{C8C415A8-E930-4227-9AFA-F64618025E7E}" = Maximizer CRM 11 Group Edition Workstation
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Rename Master_is1" = Rename Master
"Simpli Software's Places Utility_is1" = Simpli Software's Places Utility v1.0
"Tag&Rename_is1" = Tag&Rename 3.5
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"thinkorswim" = thinkorswim
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SugarSync" = SugarSync Manager

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#15
RKinner
Posted 18 January 2012 - 04:40 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c 


:files
C:\Windows\system32\consrv.dll
C:\Windows\system64\consrv.dll
C:\Windows\system64
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2a.reg /c

    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Then run the OTL with the script like you did in post #13.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP