Slow/crashing PC a few problems



#1
NickyM

Hi guys, hope someone can point me in the right direction here. I've been having problems with my PC for a few months now. It started refusing to update, so I had to manually install each update until I found the few that wouldn't install, took the error codes to Microsoft and followed the system readiness advice. Still can't update the PC. I am now having trouble with 32-bit IE (just a white screen); I can use 64-bit IE and Chrome though (both run slow). I am having a lot of system crashes, especially using Google Earth. I did have McAfee installed on the PC but that ran out; I have recently installed Norton Internet Security. After using the system readiness tool it told me I had 2 corrupt files, unsure where these are as I can't find the file they are in. I tried finding the system files and right click/run as admin, as one error code suggested I didn't have rights to change Windows files? I am also having trouble with MSN Messenger: whenever I log in I ask it to remember me, yet when I log out it forgets my details. It also does this when IE crashes: it logs me out of all my 'stay logged in' sites. I am unsure of the reason my PC is running slow. Here are the logs off OTL (2 of them):

OTL logfile created on: 2/2/2012 6:14:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nicky\Documents\OTL
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 31.97% Memory free
5.50 Gb Paging File | 2.77 Gb Available in Paging File | 50.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.22 Gb Total Space | 193.61 Gb Free Space | 66.71% Space Free | Partition Type: NTFS
Drive D: | 290.22 Gb Total Space | 290.05 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 433.68 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: NICKY-PC | User Name: Nicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 17:46:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nicky\My Documents\OTL\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/05 09:22:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/24 16:51:19 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2009/08/12 22:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/12 21:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/10 05:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/06 17:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/08/06 17:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/04 05:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 13:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 16:01:12 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2007/07/03 16:48:02 | 000,064,000 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | -H-- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/11 13:58:21 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll
MOD - [2011/04/11 13:58:17 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll
MOD - [2010/04/29 15:59:12 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/08/10 05:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/08/10 02:49:40 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/02/03 00:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/04 16:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/10/28 11:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/30 16:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/04/19 15:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/04/19 15:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/12 22:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/06 17:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/07/28 19:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 13:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/30 18:47:04 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/02 22:28:56 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2011/09/27 00:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 250(UVC)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/08 23:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/03 02:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/03 02:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/07/26 02:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/26 02:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/26 02:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/11/04 16:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/11/04 16:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/11/04 16:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 16:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 07:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 11:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 11:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 11:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 23:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 23:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/30 22:59:24 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/04/09 21:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2008/07/23 14:18:42 | 000,118,272 | ---- | M] (AMOI Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S2usbser.sys -- (S2usbser)
DRV:64bit: - [2007/06/14 15:28:52 | 000,526,848 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV:64bit: - [2007/04/23 14:44:12 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camdrv42.sys -- (camdrv42)
DRV - [2012/02/02 17:22:05 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120202.002\ex64.sys -- (NAVEX15)
DRV - [2012/02/02 17:22:05 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120202.002\eng64.sys -- (NAVENG)
DRV - [2012/01/23 19:10:12 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/31 00:08:29 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/15 23:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120201.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/12/01 02:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...180s25by7012y1o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...180s25by7012y1o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...180s25by7012y1o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...180s25by7012y1o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...180s25by7012y1o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/12 20:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/05 09:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/02 07:58:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/02 07:58:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/12 20:26:30 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Click to call with Skype = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: Norton Identity Protection = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\
CHR - Extension: Gmail = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files (x86)\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} http://www.umediaser...diaControl5.cab (UMediaPlayer Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...067/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B159DBA-C247-46A2-A731-21B5A9298F13}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/15 04:53:50 | 000,000,027 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{35c50ded-5878-11db-8afa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{35c50ded-5878-11db-8afa-806e6f6e6963}\Shell\Install\Command - "" = E:\Start.exe
O33 - MountPoints2\{8ff7f1b5-a0b5-11df-9d0a-001f16fc9529}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff7f1b5-a0b5-11df-9d0a-001f16fc9529}\Shell\AutoRun\command - "" = H:\AutoInstall.exe
O33 - MountPoints2\{8ff7f1c6-a0b5-11df-9d0a-001f16fc9529}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff7f1c6-a0b5-11df-9d0a-001f16fc9529}\Shell\AutoRun\command - "" = H:\AutoInstall.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 17:46:13 | 000,000,000 | ---D | C] -- C:\Users\Nicky\Documents\OTL
[2012/02/02 08:09:20 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A56EDE06-F945-4390-930A-0CEAB95C845B}
[2012/02/02 08:09:08 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{010315DE-5D12-4496-9358-DA1DB1282577}
[2012/02/01 20:08:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0C19F869-58E0-42F6-B28E-45B1127EE106}
[2012/02/01 20:08:28 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{DD4108DB-D5B7-47AC-93E7-810F270BD0DB}
[2012/02/01 08:07:58 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{8571A02F-364D-40E9-A215-091F18A37F3D}
[2012/02/01 08:07:45 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0A26793F-174D-4C87-8B8C-516DA203969E}
[2012/01/31 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{C10BDBC0-9261-43EB-8577-46E912087E36}
[2012/01/31 10:25:35 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{D46797B1-CCE4-4F65-B012-CF7D20443028}
[2012/01/31 09:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/31 09:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/01/31 09:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/30 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B5AF97C4-8241-4A88-94E4-CC5F8F2B1CFA}
[2012/01/30 10:24:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{2BA65594-AD1F-408C-B155-A544D273034E}
[2012/01/30 10:24:20 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{5063C59D-A628-4B1E-98EE-229D684EB3FF}
[2012/01/29 22:23:47 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4D0AAB26-6871-42EB-B835-0C815A9647FD}
[2012/01/29 22:23:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{9374EA2E-1ABB-49B4-A339-31C1E0A14F4F}
[2012/01/29 12:35:07 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Roaming\Malwarebytes
[2012/01/29 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/29 12:34:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/29 12:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/29 10:23:05 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{8056A58C-2419-4D06-A487-7D6BF171005B}
[2012/01/29 10:22:54 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{387E5446-E4EA-48DE-B33F-D6CFDB6E6C0C}
[2012/01/28 22:22:14 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{55315423-61C4-4B1D-A0FF-11FD06EE2720}
[2012/01/28 10:21:47 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{F6693C25-9B3E-4980-9E00-91F6ACC3A902}
[2012/01/28 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{EC7EE414-2DA2-4B49-B4DE-CDCF73711FDF}
[2012/01/27 20:23:01 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B0B794E3-23EE-4F5F-AE8B-9A5C3B0306B7}
[2012/01/27 08:22:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{6AEC30CC-994F-4F94-A08D-1C8DA92DD7F9}
[2012/01/27 08:22:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3979976B-9DE8-414B-940C-54651DCD02AB}
[2012/01/26 20:19:02 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{2B1ACE76-3A10-4BCE-8DF0-C15746548339}
[2012/01/26 08:18:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{9703706B-7223-4DFB-9892-AE535C54019A}
[2012/01/26 08:18:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{71F5DB69-C190-4395-8855-1598CB353388}
[2012/01/25 20:03:54 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A9E58ECA-538C-4AD2-9D0A-7E367848C3AE}
[2012/01/25 20:03:42 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{392B7B64-4460-4D86-90DD-008501E27BCF}
[2012/01/25 08:03:08 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{036D4141-A769-40E0-BCC1-8BA461944AE9}
[2012/01/25 08:02:53 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{31289393-B698-4441-B739-735EE8581B34}
[2012/01/24 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{EE7F66C8-F3F5-4364-B463-89774679670F}
[2012/01/24 10:59:24 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0F5727FC-18F8-4B8C-9870-087D2DB67D6C}
[2012/01/23 22:58:55 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A79B9564-E262-4070-BE37-6683C3BDEAAF}
[2012/01/23 10:58:27 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{F6838556-6F0A-43F0-BCC8-39FB70823B3A}
[2012/01/23 10:58:16 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{ACDD3146-1B99-42F2-9A80-24B75E648574}
[2012/01/22 22:57:47 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{AC21F737-1B52-4073-A76D-71F8525B942F}
[2012/01/22 22:57:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0FECF01B-666C-49A9-A6CE-DAFB0DC7A1DA}
[2012/01/22 10:57:04 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{6644856E-05CC-4872-B935-78923CF6A6F2}
[2012/01/22 10:56:52 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{9ADCA69B-F049-4669-A599-A58DCD6D3E07}
[2012/01/21 10:21:29 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4E2DA6A9-1866-4CC7-95FC-C2C92D9B3801}
[2012/01/21 10:21:16 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A9ACD323-DF0A-43A3-A961-47D3203FDC8B}
[2012/01/20 20:33:24 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{52936200-FDDA-4CF6-B262-7D5E1B526BF9}
[2012/01/20 20:33:10 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{71EEEBDC-7B0A-446B-8CD0-7C4B23664661}
[2012/01/20 08:32:56 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{623AF009-8AD2-462F-B79A-24E66251436F}
[2012/01/20 08:32:44 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{7F6004D1-B0A0-42E8-B5A1-BADDE3AE45CE}
[2012/01/19 20:32:17 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{5B0E74B3-0A4F-4D4E-BC89-8966B4779035}
[2012/01/19 08:31:50 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{FF38C1F2-ABE1-4990-81B6-4A06A7CF4CE6}
[2012/01/19 08:31:38 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{17209A93-405E-464C-A80E-755794C525C4}
[2012/01/18 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{61121460-E53E-4258-A281-E35B2C6BA41F}
[2012/01/18 08:30:43 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{184FC1DF-6FA1-497C-8395-49D708D7BF89}
[2012/01/18 08:30:31 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{F0888F4A-F4B0-433F-B069-AE51D846CDCB}
[2012/01/17 20:30:03 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B1971A34-A393-4F2B-BE22-8AEC2FEA57E8}
[2012/01/17 08:29:36 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0BB9D917-3F71-4AEF-B184-2FB261B061CD}
[2012/01/17 08:29:25 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4E2D87E4-5AFA-49CB-8FE6-AE67AC621E1B}
[2012/01/16 20:12:37 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{2197CC0C-5B1F-41AE-A922-E2A24ED5B2F7}
[2012/01/16 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{32FB777B-F73A-4B15-9D1A-11D645A87136}
[2012/01/16 08:11:52 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{692E7D41-76E8-47AC-99B8-D820918A2D47}
[2012/01/16 08:11:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A77CFFFA-EFE5-48B3-A08B-A68C8CC19F52}
[2012/01/15 11:06:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{965EC31E-2C85-4455-95CC-5C1FF727714D}
[2012/01/15 11:06:29 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{8CBD33ED-5DD7-4D04-B418-C667B84DE954}
[2012/01/14 23:05:49 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A942FD11-77CB-4B2D-9C46-3A86A17D674D}
[2012/01/14 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{747B1845-B276-492C-BC7F-28BB92949DBD}
[2012/01/14 11:05:09 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B0002C78-2D2F-415D-B10F-4587045DDBC7}
[2012/01/13 20:30:52 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{50947D8C-3676-4E1C-B1CC-42857CCB7A62}
[2012/01/13 08:30:25 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{7C75D122-181D-47F0-8DB4-73E3CB579138}
[2012/01/13 08:30:13 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{FED8F461-446D-4DC6-9D93-EF2F13D90029}
[2012/01/12 20:29:45 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3891B9AB-DE0D-45B2-950A-FC728E2F6412}
[2012/01/12 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Roaming\AMPSoft
[2012/01/12 09:56:51 | 000,000,000 | ---D | C] -- C:\Users\Nicky\Desktop\Font Viewer
[2012/01/12 08:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{570046CB-2E7D-4ED9-B924-4659C97AE6E6}
[2012/01/12 08:29:08 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{FAD87E31-4877-45EC-9462-58646FEEF902}
[2012/01/11 20:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{40B036C7-1B3F-4527-B5F2-6B161809BEBA}
[2012/01/11 08:28:13 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{D29F1CFE-222C-4305-A07F-372CD6685DAA}
[2012/01/11 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3099D621-1581-4DDE-AD89-FC0E400A8B00}
[2012/01/10 20:17:15 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{F374FAB0-74DA-43A7-A601-E381A0B17AD0}
[2012/01/10 08:16:48 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{8C2B29A6-91A5-4E67-8731-FFF1726403FA}
[2012/01/10 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B6ED033C-62AC-473D-AA27-7C841CBE3014}
[2012/01/09 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4858AB86-D296-490A-886B-F3B311B2E61A}
[2012/01/09 08:15:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{EC1DAD02-EC48-49D8-ADCD-ABC4E7962D95}
[2012/01/09 08:15:28 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{706ADE0D-44E4-4406-AD26-F73B8E6F8D80}
[2012/01/08 10:42:00 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3F730B9E-9973-411C-BFDD-98CFD58F79F3}
[2012/01/08 10:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{859A0A24-CDE0-4D71-BDC4-AB4B78C66C69}
[2012/01/07 22:41:10 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{E347EB03-3149-4553-AEBF-0DBDFE46D209}
[2012/01/07 22:40:58 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{24C974CB-BA1F-4E66-A350-390144F527CE}
[2012/01/07 14:58:24 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\House of 1000 Doors - Family Secrets Collector's Edition
[2012/01/07 14:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\House of 1000 Doors - Family Secrets Collector's Edition
[2012/01/07 14:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\House of 1000 Doors - Family Secrets Collector's Edition
[2012/01/07 10:40:30 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{45540253-7CF1-4807-9EF7-C45577742593}
[2012/01/07 10:40:18 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{1B1B77E9-28D0-4789-9AC9-B1FEE89E5225}
[2012/01/06 11:12:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{421B5EDD-B44C-4430-B7EC-60ED3702FF7A}
[2012/01/06 11:12:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{BE18B506-67FA-478B-A8BA-1EB880D01EFB}
[2012/01/05 23:11:53 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A662AC82-DD2E-426B-A095-851EE29898BB}
[2012/01/05 11:11:26 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{699C4A6C-0CFC-4FE1-97FB-94462049B850}
[2012/01/05 11:11:14 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{6EDE7EAD-49D7-4D38-9E4E-4458FAE1030C}
[2012/01/04 23:10:46 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{912133B3-F3B2-4F07-939C-B119056C04AA}
[2012/01/04 23:10:35 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{DDD704C7-ECF0-47C4-97C2-2BF0A36C9C11}
[2012/01/04 11:10:07 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0D6BAD2A-24B8-49E3-B469-209E17190CD4}
[2012/01/04 11:09:55 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{7773C070-A929-4B74-99C8-165B3DC459B6}
[2012/01/03 23:09:26 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B36BD4A7-8635-4552-B7D3-9F7EF7A30864}
[2012/01/03 23:09:12 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3B59AE18-7D30-4A79-8E35-ED9F4279CA7B}
[2009/08/14 17:54:53 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2012/02/02 18:01:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 17:51:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 17:51:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 16:35:38 | 000,000,452 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Nicky.job
[2012/02/02 08:00:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 07:57:37 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2012/02/02 07:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 07:57:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/02/02 07:57:30 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 08:13:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 20:12:42 | 000,000,134 | ---- | M] () -- C:\Users\Nicky\Desktop\Internet Explorer Troubleshooting.url
[2012/01/29 14:44:16 | 000,007,626 | ---- | M] () -- C:\Users\Nicky\AppData\Local\resmon.resmoncfg
[2012/01/25 15:57:28 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/25 15:57:28 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/25 15:57:28 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/24 13:57:16 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/07 14:58:59 | 000,008,320 | -H-- | M] () -- C:\Windows\wininit.ini
[2012/01/07 14:58:58 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Play House of 1000 Doors - Family Secrets Collector's Edition.lnk
[2012/01/07 14:58:58 | 000,001,342 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/01/04 10:10:58 | 000,000,592 | ---- | M] () -- C:\Windows\MRU.ini
[2012/01/04 09:51:27 | 001,899,003 | ---- | M] () -- C:\Users\Nicky\Documents\Messier List PDF.pdf

========== Files Created - No Company Name ==========

[2012/01/29 12:36:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 14:58:58 | 000,001,342 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/01/07 14:58:57 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Play House of 1000 Doors - Family Secrets Collector's Edition.lnk
[2012/01/04 09:51:26 | 001,899,003 | ---- | C] () -- C:\Users\Nicky\Documents\Messier List PDF.pdf
[2011/09/18 16:10:22 | 000,005,632 | ---- | C] () -- C:\Users\Nicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/06/11 14:46:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/05 14:11:11 | 000,000,391 | ---- | C] () -- C:\Users\Nicky\AppData\Roaming\prefsdb.dat
[2010/11/06 19:37:39 | 000,000,592 | ---- | C] () -- C:\Windows\MRU.ini
[2010/10/17 09:15:52 | 000,007,626 | ---- | C] () -- C:\Users\Nicky\AppData\Local\resmon.resmoncfg
[2010/08/29 18:12:48 | 000,001,456 | ---- | C] () -- C:\Users\Nicky\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/05 18:53:08 | 000,000,023 | ---- | C] () -- C:\Windows\SysWow64\PCSuiteConfigFile.ini
[2010/08/05 18:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\PCSuiteShareFile.ini
[2010/08/05 18:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\PCSuiteParamFile.ini
[2010/07/12 20:26:05 | 000,023,142 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/07/12 13:18:11 | 000,023,142 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/07/06 18:37:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/05 09:40:19 | 000,163,514 | ---- | C] () -- C:\Windows\hphins33.dat
[2010/02/01 18:11:19 | 000,008,320 | -H-- | C] () -- C:\Windows\wininit.ini
[2010/01/02 16:38:32 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/01/02 16:38:32 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009/12/21 21:52:41 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 10:17:52 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/12/24 10:28:03 | 000,000,000 | -HSD | M] -- C:\Users\Nicky\AppData\Roaming\.#
[2012/01/04 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\.minecraft
[2011/04/20 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2011/05/31 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Aerohills
[2010/04/13 18:43:20 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Alawar Entertainment
[2012/01/12 09:59:04 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\AMPSoft
[2010/04/08 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Artogon
[2011/06/11 13:22:10 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Big Finish
[2011/12/29 22:40:24 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Big Fish Games
[2010/03/10 13:15:24 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\BloodTies
[2011/03/31 13:20:17 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Blue Tea Games
[2011/12/04 10:24:32 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Blueberry
[2011/10/29 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Boomzap
[2011/03/20 16:04:48 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\CursedOnboard
[2011/06/29 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\DailyMagic
[2011/01/28 15:16:18 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Dekovir
[2010/02/03 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Dragon Altar Games
[2010/12/28 17:12:36 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\EleFun Games
[2011/04/28 10:30:06 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Elephant Games
[2010/08/11 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Enlightenus2_BFG
[2011/01/19 22:14:40 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\ERS G-Studio
[2011/10/09 18:14:18 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\ERS Game Studios
[2011/10/08 14:08:14 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Fenomen Games
[2011/05/21 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\FlyWheelGames
[2009/12/25 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Friday's games
[2009/12/23 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\GameConsole
[2011/03/20 12:59:43 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\GameMill Entertainment
[2010/01/14 18:07:58 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\GamersDigital
[2011/05/15 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\GAMGO
[2010/02/05 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Gestalt Games
[2010/05/16 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\HdO Adventure
[2011/05/02 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Lazy Turtle Games
[2010/01/13 18:36:25 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Leadertech
[2011/12/02 22:29:36 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\LogSys
[2011/04/20 13:44:01 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\MA2
[2011/05/04 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Maximize Games
[2011/10/08 15:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\MediaArt
[2010/05/15 12:08:27 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Merscom
[2011/04/15 11:37:40 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Mystery of Mortlake Mansion
[2009/12/25 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\MysteryStudio
[2010/04/09 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Oberon 3 Days Zoo Mystery
[2011/06/05 14:11:39 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\perfect future studio
[2011/06/11 10:16:36 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\PlayFirst
[2010/02/11 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\PoBros
[2010/05/10 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Poser
[2011/12/03 13:32:58 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Poser 7
[2010/03/17 19:13:57 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Roaming
[2011/05/21 13:54:46 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Silverback Productions
[2010/04/05 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Specialbit
[2010/11/04 15:59:03 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Stellarium
[2010/08/07 13:42:07 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\TikisLab
[2010/04/04 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Top Evidence
[2011/07/02 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\VampireSaga
[2010/08/08 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Vast Studios
[2011/05/08 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Windows Live Writer
[2011/12/25 11:24:59 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >



OTL Extras logfile created on: 2/2/2012 6:14:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nicky\Documents\OTL
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 31.97% Memory free
5.50 Gb Paging File | 2.77 Gb Available in Paging File | 50.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.22 Gb Total Space | 193.61 Gb Free Space | 66.71% Space Free | Partition Type: NTFS
Drive D: | 290.22 Gb Total Space | 290.05 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 433.68 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: NICKY-PC | User Name: Nicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18435829-4E75-4CD1-9796-A62DBBAE2ED7}" = DeepSkyStacker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
"{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1" = Amnesia - The Dark Descent Demo
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7814358B-1284-4305-AE5A-6667DBDF4771}" = ArcSoft WebCam Companion 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C977DE7-EC85-46E1-A7D9-52C04EB52AE6}" = S2 Mobile Modem
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114326367}" = Blood Ties
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114774927}" = Dream Chronicles 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118203740}" = Mirror Mysteries
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118295220}" = Born into Darkness
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118451570}" = 3 Days Zoo Mystery
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{919955B0-50EB-45DD-9165-C3BCFBF6B2D1}" = S2 PCSync
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ADE33365-CB20-4147-A962-2ADC4EF0EF78}" = Locomotion Demo
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE3A3BDB-93B0-4F19-ABB1-D63575210C6C}_is1" = Dig-N-Rig version 1.0
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{dcecd67a-83b9-491f-93bd-059cab7dff56}" = Nero 9 Essentials
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA57EFB9-A257-4DD0-BC6D-0FA5625F3421}" = ArcSoft PhotoImpression 5
"{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BB FlashBack Express" = BB FlashBack Express
"BFG-A Gypsy's Tale - The Tower of Secrets" = A Gypsy's Tale: The Tower of Secrets
"BFG-Antique Road Trip 2 - Homecoming" = Antique Road Trip 2: Homecoming
"BFG-Awakening - Moonfell Wood" = Awakening: Moonfell Wood
"BFG-Awakening - The Dreamless Castle" = Awakening: The Dreamless Castle
"BFG-Awakening - The Goblin Kingdom" = Awakening: The Goblin Kingdom
"BFG-Big City Adventure - Vancouver Collector's Edition" = Big City Adventure: Vancouver Collector's Edition
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Dimensions - City of Fog" = Dark Dimensions: City of Fog
"BFG-Dark Parables - The Exiled Prince Collector's Edition" = Dark Parables: The Exiled Prince Collector's Edition
"BFG-Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue" = Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
"BFG-Detective Agency 2 - The Banker's wife" = Detective Agency 2: Banker's wife
"BFG-Dream Chronicles - The Book of Air" = Dream Chronicles: The Book of Air
"BFG-Enlightenus II - The Timeless Tower Collector's Edition" = Enlightenus II: The Timeless Tower Collector's Edition
"BFG-Epic Adventures - Cursed Onboard" = Epic Adventures: Cursed Onboard
"BFG-Escape from Thunder Island" = Escape from Thunder Island
"BFG-Fear For Sale - Mystery of McInroy Manor" = Fear For Sale: Mystery of McInroy Manor
"BFG-Hallowed Legends - Samhain" = Hallowed Legends: Samhain
"BFG-Haunted Halls - Green Hills Sanitarium" = Haunted Halls: Green Hills Sanitarium
"BFG-Haunted Manor - Lord of Mirrors Collector's Edition" = Haunted Manor: Lord of Mirrors Collector's Edition
"BFG-Hidden Mysteries - Salem Secrets" = Hidden Mysteries&reg;: Salem Secrets
"BFG-Hidden Mysteries - Vampire Secrets" = Hidden Mysteries: Vampire Secrets
"BFG-Hidden Object Crosswords" = Hidden Object Crosswords
"BFG-House of 1000 Doors - Family Secrets Collector's Edition" = House of 1000 Doors: Family Secrets Collector's Edition
"BFG-Island - The Lost Medallion" = Island: The Lost Medallion
"BFG-Lost Lagoon - The Trail of Destiny" = Lost Lagoon: The Trail of Destiny
"BFG-Lost Souls - Enchanted Paintings" = Lost Souls: Enchanted Paintings
"BFG-Love Story - The Beach Cottage" = Love Story: The Beach Cottage
"BFG-Murder Island - Secret of Tantalus" = Murder Island: Secret of Tantalus
"BFG-Mysteries of Magic Island" = Mysteries of Magic Island
"BFG-Mystery Age - The Dark Priests" = Mystery Age: The Dark Priests
"BFG-Mystery Case Files - 13th Skull" = Mystery Case Files ®: 13th Skull ™
"BFG-Mystery Case Files - 13th Skull Collector's Edition" = Mystery Case Files ®: 13th Skull ™ Collector's Edition
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files®: Dire Grove™
"BFG-Mystery Case Files - Escape from Ravenhearst" = Mystery Case Files®: Escape from Ravenhearst™
"BFG-Mystery Chronicles - Betrayals of Love" = Mystery Chronicles: Betrayals of Love
"BFG-Mystery of the Earl" = Mystery of the Earl
"BFG-Nick Chase and the Deadly Diamond" = Nick Chase and the Deadly Diamond
"BFG-Nightfall Mysteries - Asylum Conspiracy" = Nightfall Mysteries: Asylum Conspiracy
"BFG-Penny Dreadfuls - Sweeney Todd Collector's Edition" = Penny Dreadfuls: Sweeney Todd Collector`s Edition
"BFG-Pirate Mysteries - A Tale of Monkeys, Masks, and Hidden Objects" = Pirate Mysteries: A Tale of Monkeys, Masks, and Hidden Objects
"BFG-Private Eye - Greatest Unsolved Mysteries" = Private Eye: Greatest Unsolved Mysteries
"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville ™
"BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
"BFG-PuppetShow - Souls of the Innocent Collectors Edition" = PuppetShow: Souls of the Innocent Collector's Edition
"BFG-Rasputin's Curse" = Rasputin's Curse
"BFG-Redemption Cemetery - Curse of the Raven" = Redemption Cemetery: Curse of the Raven
"BFG-Romancing the Seven Wonders - Great Pyramids" = Romancing the Seven Wonders: Great Pyramids
"BFG-Rooms - The Main Building" = Rooms: The Main Building
"BFG-Serpent of Isis - Your Journey Continues" = The Serpent of Isis: Your Journey Continues
"BFG-Shutter Island" = Shutter Island
"BFG-Silent Scream - The Dancer" = Silent Scream: The Dancer
"BFG-Spirits of Mystery - Amber Maiden" = Spirits of Mystery: Amber Maiden
"BFG-Spirits of Mystery - Amber Maiden Collector's Edition" = Spirits of Mystery: Amber Maiden Collector's Edition
"BFG-The Curse of the Ring" = The Curse of the Ring
"BFG-The Mystery of the Crystal Portal - Beyond the Horizon" = The Mystery of the Crystal Portal: Beyond the Horizon
"BFG-Time Dreamer" = Time Dreamer
"BFG-Vampireville" = Vampireville
"BFG-Veronica Rivers - The Order Of Conspiracy" = Veronica Rivers: The Order Of Conspiracy
"BFG-Virtual Villagers - The Tree of Life" = Virtual Villagers: The Tree of Life
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Flotilla Demo_is1" = Flotilla Demo v2.333
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Jewel Quest Mysteries Curse of the Emerald Tear" = Jewel Quest Mysteries Curse of the Emerald Tear (remove only)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Messenger Plus!" = Messenger Plus! 5
"Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries - The Edgar Allan Poe Conspiracy
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Poser 7_is1" = Poser 7.0.2
"Poser 8_is1" = Poser 8 (8.0.0.10157)
"RealPlayer 12.0" = RealPlayer
"Rigs of Rods 0.38.67" = Rigs of Rods 0.38.67
"Scratch" = Scratch
"Stellarium_is1" = Stellarium 0.10.6.1
"TescoDownloader" = Tesco Download Manager
"Vampire Saga - Pandora's Box" = Vampire Saga - Pandora's Box
"Vehicle Simulator_is1" = Vehicle Simulator
"Victoria 4.2 Morphs++ DAZ Studio Content ps_pe070_V4MorphsDS" = Victoria 4.2 Morphs++ DAZ Studio Content
"Victoria 4.2 Morphs++ ps_pe070_V4Morphs" = Victoria 4.2 Morphs++
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Nicky
"RegiStax 5.1" = RegiStax 5.1
"UnityWebPlayer" = Unity Web Player
"Wurm Online 3.0.1a" = Wurm Online 3.0.1a

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 4:14:35 AM | Computer Name = Nicky-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 2/1/2012 4:32:04 AM | Computer Name = Nicky-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/1/2012 6:38:04 AM | Computer Name = Nicky-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/1/2012 1:12:52 PM | Computer Name = Nicky-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 2/2/2012 3:56:37 AM | Computer Name = Nicky-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 2/2/2012 3:57:43 AM | Computer Name = Nicky-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 2/2/2012 4:31:07 AM | Computer Name = Nicky-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/2/2012 5:08:30 AM | Computer Name = Nicky-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/2/2012 7:23:33 AM | Computer Name = Nicky-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/2/2012 1:30:09 PM | Computer Name = Nicky-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Media Center Events ]
Error - 10/19/2011 7:10:05 AM | Computer Name = Nicky-PC | Source = MCUpdate | ID = 0
Description = 12:10:05 - Error connecting to the internet. 12:10:05 - Unable
to contact server..

Error - 10/19/2011 7:10:16 AM | Computer Name = Nicky-PC | Source = MCUpdate | ID = 0
Description = 12:10:11 - Error connecting to the internet. 12:10:11 - Unable
to contact server..

[ System Events ]
Error - 2/1/2012 4:49:50 PM | Computer Name = Nicky-PC | Source = nvstor64 | ID = 14548995
Description = Data error on device. Device: \Device\RaidPort0 Model: WDC WD6400AAKS-22A7B2

Firmware
Version: 01.0 Serial Number: WD-WCASY6492677 Port: 1

Error - 2/1/2012 6:07:01 PM | Computer Name = Nicky-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/1/2012 6:07:30 PM | Computer Name = Nicky-PC | Source = DCOM | ID = 10010
Description =

Error - 2/2/2012 3:56:38 AM | Computer Name = Nicky-PC | Source = Service Control Manager | ID = 7024
Description = The McAfee Real-time Scanner service terminated with service-specific
error %%5046.

Error - 2/2/2012 3:57:44 AM | Computer Name = Nicky-PC | Source = Service Control Manager | ID = 7024
Description = The McAfee Real-time Scanner service terminated with service-specific
error %%5046.

Error - 2/2/2012 4:01:40 AM | Computer Name = Nicky-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2632503).

Error - 2/2/2012 4:01:40 AM | Computer Name = Nicky-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070005: Update for Windows 7 for x64-based Systems (KB2529073).

Error - 2/2/2012 6:14:13 AM | Computer Name = Nicky-PC | Source = nvstor64 | ID = 14548995
Description = Data error on device. Device: \Device\RaidPort0 Model: WDC WD6400AAKS-22A7B2

Firmware
Version: 01.0 Serial Number: WD-WCASY6492677 Port: 1

Error - 2/2/2012 6:14:13 AM | Computer Name = Nicky-PC | Source = nvstor64 | ID = 14548995
Description = Data error on device. Device: \Device\RaidPort0 Model: WDC WD6400AAKS-22A7B2

Firmware
Version: 01.0 Serial Number: WD-WCASY6492677 Port: 1

Error - 2/2/2012 6:14:13 AM | Computer Name = Nicky-PC | Source = nvstor64 | ID = 14548995
Description = Data error on device. Device: \Device\RaidPort0 Model: WDC WD6400AAKS-22A7B2

Firmware
Version: 01.0 Serial Number: WD-WCASY6492677 Port: 1


< End of report >


Oh my lots of errors in that last LOG :(


#2
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
It looks like you didn't uninstall McAfee so do that first then

Download and Save the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
run the McAfee uninstall tool, reboot.


I would also uninstall

Messenger Plus! 5: Messenger Plus! is notorious for coming with a "sponsor" program which at best was adware and at worst was outright malware.
Yahoo! Toolbar
Yahoo! Messenger (unless you use it)
Yahoo! Software Update

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator
If TDSSKiller alerts you that the system needs to reboot, please consent. Wait for it to finish.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

uncheck trace disk IO calls
Click the "Scan" button to start scan (allow the Avast engine and scan)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

netsh  winhttp  reset  proxy
(This resets a hidden proxy which sometimes is why you can't connect to get updates automatically)


sfc  /scannow

( This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)




1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Copy the text in the code box:

netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

select the All option in the Extra Registry group and in the Services group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
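
One way to triage the "Last 10 Event Log Errors" section of the OTL log posted above is to group the entries by source and event ID and pull out any HRESULT codes. This Python sketch is an added example, not part of any post in this thread and not code from OTL; the sample lines are excerpted from the log above, and the function names are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the OTL "Last 10 Event Log Errors" section posted earlier in this thread.
SAMPLE = r"""
[ Application Events ]
Error - 2/1/2012 4:14:35 AM | Computer Name = Nicky-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 2/2/2012 3:56:37 AM | Computer Name = Nicky-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

[ System Events ]
Error - 2/1/2012 4:49:50 PM | Computer Name = Nicky-PC | Source = nvstor64 | ID = 14548995
Description = Data error on device. Device: \Device\RaidPort0 Model: WDC WD6400AAKS-22A7B2

Firmware
Version: 01.0 Serial Number: WD-WCASY6492677 Port: 1

Error - 2/1/2012 6:07:01 PM | Computer Name = Nicky-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/2/2012 4:01:40 AM | Computer Name = Nicky-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2632503).

Error - 2/2/2012 4:01:40 AM | Computer Name = Nicky-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070005: Update for Windows 7 for x64-based Systems (KB2529073).

Error - 2/2/2012 6:14:13 AM | Computer Name = Nicky-PC | Source = nvstor64 | ID = 14548995
Description = Data error on device. Device: \Device\RaidPort0 Model: WDC WD6400AAKS-22A7B2

Firmware
Version: 01.0 Serial Number: WD-WCASY6492677 Port: 1

< End of report >
"""

HEADER = re.compile(
    r"^(?P<level>Error|Warning)\s+-\s+(?P<when>.+?)\s+\|\s+Computer Name = (?P<host>.+?)"
    r"\s+\|\s+Source = (?P<source>.+?)\s+\|\s+ID = (?P<id>\d+)\s*$")
SECTION = re.compile(r"^\[\s*(.+?)\s*\]$")
HRESULT = re.compile(r"\b0x[0-9a-fA-F]{8}\b")
TS = "%m/%d/%Y %I:%M:%S %p"


def parse_events(text):
    """Return one dict per event. Description lines that wrap, or that continue
    after a blank line (the nvstor64 entries), are joined to the event above."""
    events, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):            # "< End of report >" closes the log
            cur = None
            continue
        m = SECTION.match(line)
        if m:
            section, cur = m.group(1), None
            continue
        m = HEADER.match(line)
        if m:
            cur = dict(m.groupdict(), section=section, description="")
            cur["id"] = int(cur["id"])
            events.append(cur)
            continue
        if cur is None or not line:
            continue
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        cur["description"] = (cur["description"] + " " + line).strip()
    return events


def decode_hresult(code):
    """Split an HRESULT into failure bit, 11-bit facility and 16-bit code."""
    value = int(code, 16)
    return {"failure": bool(value >> 31), "facility": (value >> 16) & 0x7FF,
            "code": value & 0xFFFF}


def summarize(events):
    """Group by (source, ID); most frequent first, so recurring faults lead."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["source"], e["id"])].append(e)
    rows = []
    for (source, eid), evs in groups.items():
        times = sorted(datetime.strptime(e["when"], TS) for e in evs)
        codes = sorted({c.lower() for e in evs for c in HRESULT.findall(e["description"])})
        rows.append({"source": source, "id": eid, "section": evs[0]["section"],
                     "count": len(evs), "first": times[0], "last": times[-1],
                     "codes": codes, "sample": evs[0]["description"]})
    rows.sort(key=lambda r: (-r["count"], r["source"]))
    return rows


if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE)):
        print(f"{row['count']}x {row['source']} (ID {row['id']}) [{row['section']}] "
              f"last {row['last']:%Y-%m-%d %H:%M} :: {row['sample'][:60]}")
        for code in row["codes"]:
            print("    ", code, decode_hresult(code))
```

In the output, 0x80070005 decodes to facility 7 (Win32) with code 5, which is the Win32 "access denied" error.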

#3
NickyM

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for this, I am just uninstalling McAfee now, even though I used the uninstall that came with it, and it told me all components had been removed. Plus does come with a sponsor which I declined, along with the toolbar. Is it still OK to leave it on or do I need to remove it?

Edited by NickyM, 02 February 2012 - 03:35 PM.


#4
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
McAfee is one of the poorest uninstalling programs around so you always have to run the removal tool.

You can leave Plus for now if you are sure you didn't install the sponsor.

#5
NickyM

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
aswMBR keeps crashing on me, it wants to send reports to Microsoft. Do I continue with the rest of the advice?



ComboFix 12-02-02.02 - Nicky 02/02/2012 21:00:03.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2815.1492 [GMT 0:00]
Running from: c:\users\Nicky\Documents\OTL\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Nicky\AppData\Roaming\.#
c:\users\Nicky\AppData\Roaming\Roaming
c:\users\Nicky\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
I:\Autorun.inf
I:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 21:15 . 2012-02-02 21:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-02 21:15 . 2012-02-02 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 09:20 . 2012-01-31 09:20 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-31 09:20 . 2012-01-31 09:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-01-29 12:35 . 2012-01-29 12:35 -------- d-----w- c:\users\Nicky\AppData\Roaming\Malwarebytes
2012-01-29 12:34 . 2012-01-29 12:34 -------- d-----w- c:\programdata\Malwarebytes
2012-01-29 12:34 . 2012-02-01 08:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-29 12:34 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 09:59 . 2012-01-12 09:59 -------- d-----w- c:\users\Nicky\AppData\Roaming\AMPSoft
2012-01-11 12:35 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:35 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:35 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 12:35 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 12:35 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:35 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 12:35 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:35 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 14:58 . 2012-01-07 14:58 -------- d-----w- c:\program files (x86)\House of 1000 Doors - Family Secrets Collector's Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 18:47 . 2011-12-30 18:47 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-11 18:53 . 2011-12-11 18:53 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-02 22:28 . 2011-12-02 22:28 5632 ----a-w- c:\windows\system32\bbchlp.dll
2011-12-02 22:28 . 2011-12-02 22:28 4608 ----a-w- c:\windows\system32\drivers\bbcap.sys
2011-12-02 22:28 . 2011-12-02 22:28 37376 ----a-w- c:\windows\system32\bbcap.dll
2011-11-25 08:25 . 2011-11-25 08:25 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 05:00 . 2011-12-14 08:27 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-30 10:55 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{449E78E6-492F-4512-AD89-43F8ABF07DFA}\mpengine.dll
2011-11-13 09:37 . 2011-05-27 09:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 09:22 . 2009-12-23 09:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-05 09:22 . 2009-12-23 09:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-05 05:26 . 2011-12-14 08:30 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 08:30 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 08:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 08:30 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 08:30 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 08:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 08:30 482816 ----a-w- c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 08:30 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 08:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 08:30 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-14 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-04-29 5248312]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-10 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-03 64000]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Wireless Manager"="c:\program files (x86)\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-05 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
R3 camdrv42;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv42.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\S2usbser.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120201.002\IDSvia64.sys [2011-12-15 488568]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-23 138360]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 13:03]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 13:03]
.
2012-02-02 c:\windows\Tasks\Norton Security Scan for Nicky.job
- c:\progra~2\NORTON~3\Engine\360~1.31\Nss.exe [2011-11-05 23:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x1301&r=17361209sn07973180s25by7012y1o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BFG-Pirate Mysteries - A Tale of Monkeys, Masks, and Hidden Objects - c:\program files (x86)\Pirate Mysteries - A Tale of Monkeys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-702353406-1558373057-3347167078-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-702353406-1558373057-3347167078-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-02 21:19:08
ComboFix-quarantined-files.txt 2012-02-02 21:19
.
Pre-Run: 208,427,237,376 bytes free
Post-Run: 211,691,028,480 bytes free
.
- - End Of File - - 8B84ADB56FCE559A61FF1621918E1ED1

21:25:12.0071 7476 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
21:25:12.0664 7476 ============================================================
21:25:12.0664 7476 Current date / time: 2012/02/02 21:25:12.0664
21:25:12.0664 7476 SystemInfo:
21:25:12.0664 7476
21:25:12.0664 7476 OS Version: 6.1.7600 ServicePack: 0.0
21:25:12.0664 7476 Product type: Workstation
21:25:12.0664 7476 ComputerName: NICKY-PC
21:25:12.0679 7476 UserName: Nicky
21:25:12.0679 7476 Windows directory: C:\Windows
21:25:12.0679 7476 System windows directory: C:\Windows
21:25:12.0679 7476 Running under WOW64
21:25:12.0679 7476 Processor architecture: Intel x64
21:25:12.0679 7476 Number of processors: 2
21:25:12.0679 7476 Page size: 0x1000
21:25:12.0679 7476 Boot type: Normal boot
21:25:12.0679 7476 ============================================================
21:25:13.0787 7476 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:25:13.0803 7476 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:25:13.0818 7476 \Device\Harddisk0\DR0:
21:25:13.0818 7476 MBR used
21:25:13.0818 7476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40800, BlocksNum 0x32000
21:25:13.0818 7476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72800, BlocksNum 0x24472000
21:25:13.0818 7476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x263E4800, BlocksNum 0x244732B0
21:25:13.0818 7476 \Device\Harddisk1\DR1:
21:25:13.0818 7476 MBR used
21:25:13.0818 7476 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
21:25:14.0208 7476 Initialize success
21:25:14.0208 7476 ============================================================
21:25:53.0037 7940 ============================================================
21:25:53.0037 7940 Scan started
21:25:53.0037 7940 Mode: Manual; SigCheck; TDLFS;
21:25:53.0037 7940 ============================================================
21:25:54.0409 7940 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:25:54.0550 7940 1394ohci - ok
21:25:54.0597 7940 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:25:54.0612 7940 ACPI - ok
21:25:54.0628 7940 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:25:54.0690 7940 AcpiPmi - ok
21:25:54.0768 7940 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:25:54.0815 7940 adp94xx - ok
21:25:54.0815 7940 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:25:54.0831 7940 adpahci - ok
21:25:54.0862 7940 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:25:54.0877 7940 adpu320 - ok
21:25:54.0909 7940 Afc - ok
21:25:54.0955 7940 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:25:55.0033 7940 AFD - ok
21:25:55.0065 7940 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:25:55.0096 7940 agp440 - ok
21:25:55.0111 7940 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:25:55.0127 7940 aliide - ok
21:25:55.0143 7940 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:25:55.0158 7940 amdide - ok
21:25:55.0174 7940 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:25:55.0189 7940 AmdK8 - ok
21:25:55.0205 7940 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:25:55.0221 7940 AmdPPM - ok
21:25:55.0252 7940 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
21:25:55.0283 7940 amdsata - ok
21:25:55.0299 7940 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:25:55.0314 7940 amdsbs - ok
21:25:55.0330 7940 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
21:25:55.0330 7940 amdxata - ok
21:25:55.0361 7940 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:25:55.0439 7940 AppID - ok
21:25:55.0486 7940 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:25:55.0501 7940 arc - ok
21:25:55.0517 7940 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:25:55.0533 7940 arcsas - ok
21:25:55.0548 7940 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:25:55.0595 7940 AsyncMac - ok
21:25:55.0626 7940 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:25:55.0642 7940 atapi - ok
21:25:55.0689 7940 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:25:55.0735 7940 b06bdrv - ok
21:25:55.0751 7940 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:25:55.0782 7940 b57nd60a - ok
21:25:55.0829 7940 bbcap (849ea7a204f9f77e7b2adb8699f7bfc8) C:\Windows\system32\DRIVERS\bbcap.sys
21:25:55.0860 7940 bbcap - ok
21:25:55.0907 7940 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:25:56.0001 7940 Beep - ok
21:25:56.0219 7940 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
21:25:56.0297 7940 BHDrvx64 - ok
21:25:56.0328 7940 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:25:56.0344 7940 blbdrive - ok
21:25:56.0391 7940 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:25:56.0453 7940 bowser - ok
21:25:56.0484 7940 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:25:56.0515 7940 BrFiltLo - ok
21:25:56.0531 7940 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:25:56.0562 7940 BrFiltUp - ok
21:25:56.0593 7940 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:25:56.0625 7940 BridgeMP - ok
21:25:56.0656 7940 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:25:56.0687 7940 Brserid - ok
21:25:56.0703 7940 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:25:56.0749 7940 BrSerWdm - ok
21:25:56.0765 7940 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:25:56.0796 7940 BrUsbMdm - ok
21:25:56.0812 7940 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:25:56.0827 7940 BrUsbSer - ok
21:25:56.0843 7940 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:25:56.0874 7940 BTHMODEM - ok
21:25:56.0983 7940 camdrv42 (19c8e65dc74d8240c3c8be0f8751b17e) C:\Windows\system32\DRIVERS\camdrv42.sys
21:25:57.0046 7940 camdrv42 - ok
21:25:57.0061 7940 catchme - ok
21:25:57.0139 7940 ccSet_NIS (a8ad33c9dd88c810cac00acc7f4329fb) C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys
21:25:57.0171 7940 ccSet_NIS - ok
21:25:57.0202 7940 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:25:57.0280 7940 cdfs - ok
21:25:57.0311 7940 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:25:57.0327 7940 cdrom - ok
21:25:57.0342 7940 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:25:57.0358 7940 circlass - ok
21:25:57.0389 7940 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:25:57.0405 7940 CLFS - ok
21:25:57.0451 7940 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:25:57.0467 7940 CmBatt - ok
21:25:57.0498 7940 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:25:57.0514 7940 cmdide - ok
21:25:57.0561 7940 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:25:57.0623 7940 CNG - ok
21:25:57.0654 7940 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:25:57.0670 7940 Compbatt - ok
21:25:57.0685 7940 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:25:57.0732 7940 CompositeBus - ok
21:25:57.0763 7940 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:25:57.0795 7940 crcdisk - ok
21:25:57.0857 7940 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:25:57.0904 7940 DfsC - ok
21:25:57.0919 7940 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:25:57.0982 7940 discache - ok
21:25:58.0013 7940 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:25:58.0029 7940 Disk - ok
21:25:58.0091 7940 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
21:25:58.0138 7940 Dot4 - ok
21:25:58.0185 7940 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:25:58.0231 7940 Dot4Print - ok
21:25:58.0278 7940 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
21:25:58.0325 7940 dot4usb - ok
21:25:58.0356 7940 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:25:58.0387 7940 drmkaud - ok
21:25:58.0450 7940 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:25:58.0497 7940 DXGKrnl - ok
21:25:58.0559 7940 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:25:58.0621 7940 ebdrv - ok
21:25:58.0731 7940 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:25:58.0762 7940 eeCtrl - ok
21:25:58.0824 7940 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:25:58.0840 7940 elxstor - ok
21:25:58.0902 7940 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:25:58.0918 7940 EraserUtilRebootDrv - ok
21:25:58.0933 7940 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:25:58.0965 7940 ErrDev - ok
21:25:58.0996 7940 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:25:59.0074 7940 exfat - ok
21:25:59.0105 7940 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:25:59.0183 7940 fastfat - ok
21:25:59.0199 7940 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:25:59.0245 7940 fdc - ok
21:25:59.0292 7940 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:25:59.0308 7940 FileInfo - ok
21:25:59.0323 7940 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:25:59.0386 7940 Filetrace - ok
21:25:59.0401 7940 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:25:59.0433 7940 flpydisk - ok
21:25:59.0465 7940 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:25:59.0480 7940 FltMgr - ok
21:25:59.0527 7940 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:25:59.0543 7940 FsDepends - ok
21:25:59.0605 7940 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:25:59.0621 7940 fssfltr - ok
21:25:59.0652 7940 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:25:59.0668 7940 Fs_Rec - ok
21:25:59.0699 7940 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:25:59.0714 7940 fvevol - ok
21:25:59.0746 7940 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:25:59.0761 7940 gagp30kx - ok
21:25:59.0792 7940 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:25:59.0808 7940 GEARAspiWDM - ok
21:25:59.0855 7940 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:25:59.0886 7940 hcw85cir - ok
21:25:59.0917 7940 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:25:59.0948 7940 HdAudAddService - ok
21:25:59.0980 7940 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:26:00.0042 7940 HDAudBus - ok
21:26:00.0058 7940 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:26:00.0089 7940 HidBatt - ok
21:26:00.0104 7940 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:26:00.0136 7940 HidBth - ok
21:26:00.0151 7940 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:26:00.0167 7940 HidIr - ok
21:26:00.0198 7940 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:26:00.0214 7940 HidUsb - ok
21:26:00.0245 7940 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:26:00.0260 7940 HpSAMD - ok
21:26:00.0292 7940 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:26:00.0370 7940 HTTP - ok
21:26:00.0385 7940 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:26:00.0416 7940 hwpolicy - ok
21:26:00.0432 7940 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:26:00.0448 7940 i8042prt - ok
21:26:00.0463 7940 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
21:26:00.0494 7940 iaStorV - ok
21:26:00.0666 7940 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120201.002\IDSvia64.sys
21:26:00.0697 7940 IDSVia64 - ok
21:26:00.0728 7940 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:26:00.0744 7940 iirsp - ok
21:26:00.0791 7940 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
21:26:00.0838 7940 IntcAzAudAddService - ok
21:26:00.0853 7940 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:26:00.0853 7940 intelide - ok
21:26:00.0869 7940 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:26:00.0900 7940 intelppm - ok
21:26:00.0931 7940 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:26:00.0962 7940 IpFilterDriver - ok
21:26:00.0978 7940 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:26:01.0009 7940 IPMIDRV - ok
21:26:01.0009 7940 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:26:01.0056 7940 IPNAT - ok
21:26:01.0087 7940 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:26:01.0165 7940 IRENUM - ok
21:26:01.0196 7940 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:26:01.0212 7940 isapnp - ok
21:26:01.0228 7940 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:26:01.0243 7940 iScsiPrt - ok
21:26:01.0274 7940 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:26:01.0290 7940 kbdclass - ok
21:26:01.0321 7940 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:26:01.0352 7940 kbdhid - ok
21:26:01.0399 7940 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:26:01.0430 7940 KSecDD - ok
21:26:01.0446 7940 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:26:01.0462 7940 KSecPkg - ok
21:26:01.0477 7940 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:26:01.0524 7940 ksthunk - ok
21:26:01.0571 7940 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:26:01.0633 7940 lltdio - ok
21:26:01.0664 7940 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:26:01.0680 7940 LSI_FC - ok
21:26:01.0696 7940 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:26:01.0711 7940 LSI_SAS - ok
21:26:01.0727 7940 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:26:01.0742 7940 LSI_SAS2 - ok
21:26:01.0742 7940 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:26:01.0758 7940 LSI_SCSI - ok
21:26:01.0789 7940 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:26:01.0836 7940 luafv - ok
21:26:01.0883 7940 lvpopf64 (4db7d24f69354073a1c13f5889e63208) C:\Windows\system32\DRIVERS\lvpopf64.sys
21:26:01.0914 7940 lvpopf64 - ok
21:26:01.0945 7940 LVPr2M64 (7717a2cb550267860d3933f3fba0216f) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:26:01.0961 7940 LVPr2M64 - ok
21:26:01.0961 7940 LVPr2Mon (7717a2cb550267860d3933f3fba0216f) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:26:01.0976 7940 LVPr2Mon - ok
21:26:02.0023 7940 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
21:26:02.0039 7940 LVRS64 - ok
21:26:02.0179 7940 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
21:26:02.0366 7940 LVUVC64 - ok
21:26:02.0413 7940 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:26:02.0429 7940 MBAMProtector - ok
21:26:02.0476 7940 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:26:02.0491 7940 megasas - ok
21:26:02.0507 7940 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:26:02.0522 7940 MegaSR - ok
21:26:02.0538 7940 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:26:02.0585 7940 Modem - ok
21:26:02.0632 7940 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:26:02.0694 7940 monitor - ok
21:26:02.0710 7940 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:26:02.0741 7940 mouclass - ok
21:26:02.0756 7940 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:26:02.0788 7940 mouhid - ok
21:26:02.0819 7940 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:26:02.0834 7940 mountmgr - ok
21:26:02.0850 7940 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
21:26:02.0866 7940 MPFP - ok
21:26:02.0881 7940 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:26:02.0897 7940 mpio - ok
21:26:02.0912 7940 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:26:02.0975 7940 mpsdrv - ok
21:26:02.0990 7940 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:26:03.0037 7940 MRxDAV - ok
21:26:03.0068 7940 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:26:03.0115 7940 mrxsmb - ok
21:26:03.0162 7940 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:26:03.0209 7940 mrxsmb10 - ok
21:26:03.0240 7940 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:26:03.0256 7940 mrxsmb20 - ok
21:26:03.0271 7940 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:26:03.0287 7940 msahci - ok
21:26:03.0302 7940 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:26:03.0318 7940 msdsm - ok
21:26:03.0365 7940 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:26:03.0396 7940 Msfs - ok
21:26:03.0427 7940 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:26:03.0474 7940 mshidkmdf - ok
21:26:03.0491 7940 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:26:03.0506 7940 msisadrv - ok
21:26:03.0522 7940 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:26:03.0569 7940 MSKSSRV - ok
21:26:03.0615 7940 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:26:03.0662 7940 MSPCLOCK - ok
21:26:03.0678 7940 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:26:03.0756 7940 MSPQM - ok
21:26:03.0787 7940 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:26:03.0834 7940 MsRPC - ok
21:26:03.0849 7940 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:26:03.0865 7940 mssmbios - ok
21:26:03.0881 7940 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:26:03.0927 7940 MSTEE - ok
21:26:03.0943 7940 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:26:03.0974 7940 MTConfig - ok
21:26:04.0005 7940 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:26:04.0037 7940 Mup - ok
21:26:04.0068 7940 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:26:04.0083 7940 mwlPSDFilter - ok
21:26:04.0099 7940 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:26:04.0099 7940 mwlPSDNServ - ok
21:26:04.0115 7940 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:26:04.0130 7940 mwlPSDVDisk - ok
21:26:04.0161 7940 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:26:04.0193 7940 NativeWifiP - ok
21:26:04.0349 7940 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120202.002\ENG64.SYS
21:26:04.0364 7940 NAVENG - ok
21:26:04.0427 7940 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120202.002\EX64.SYS
21:26:04.0458 7940 NAVEX15 - ok
21:26:04.0505 7940 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:26:04.0520 7940 NDIS - ok
21:26:04.0551 7940 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:26:04.0614 7940 NdisCap - ok
21:26:04.0629 7940 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:26:04.0692 7940 NdisTapi - ok
21:26:04.0707 7940 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:26:04.0754 7940 Ndisuio - ok
21:26:04.0785 7940 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:26:04.0832 7940 NdisWan - ok
21:26:04.0848 7940 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:26:04.0910 7940 NDProxy - ok
21:26:04.0957 7940 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:26:05.0019 7940 NetBIOS - ok
21:26:05.0035 7940 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:26:05.0097 7940 NetBT - ok
21:26:05.0144 7940 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:26:05.0160 7940 nfrd960 - ok
21:26:05.0207 7940 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:26:05.0253 7940 Npfs - ok
21:26:05.0269 7940 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:26:05.0331 7940 nsiproxy - ok
21:26:05.0425 7940 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:26:05.0503 7940 Ntfs - ok
21:26:05.0519 7940 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:26:05.0534 7940 NTIDrvr - ok
21:26:05.0550 7940 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:26:05.0597 7940 Null - ok
21:26:05.0628 7940 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
21:26:05.0690 7940 NVENETFD - ok
21:26:05.0737 7940 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
21:26:05.0753 7940 NVHDA - ok
21:26:06.0018 7940 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:26:06.0377 7940 nvlddmkm - ok
21:26:06.0423 7940 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
21:26:06.0470 7940 NVNET - ok
21:26:06.0501 7940 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:26:06.0517 7940 nvraid - ok
21:26:06.0548 7940 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
21:26:06.0564 7940 nvsmu - ok
21:26:06.0595 7940 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:26:06.0626 7940 nvstor - ok
21:26:06.0657 7940 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
21:26:06.0673 7940 nvstor64 - ok
21:26:06.0704 7940 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:26:06.0720 7940 nv_agp - ok
21:26:06.0751 7940 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:26:06.0782 7940 ohci1394 - ok
21:26:06.0860 7940 PAC7302 (f0f5d45bf52238aefcaf6884d9aaf78d) C:\Windows\system32\DRIVERS\PAC7302.SYS
21:26:06.0907 7940 PAC7302 - ok
21:26:06.0938 7940 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:26:06.0954 7940 Parport - ok
21:26:06.0969 7940 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:26:06.0985 7940 partmgr - ok
21:26:07.0001 7940 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:26:07.0016 7940 pci - ok
21:26:07.0032 7940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:26:07.0032 7940 pciide - ok
21:26:07.0063 7940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:26:11.0698 7940 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
21:26:11.0698 7940 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:26:11.0698 7940 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:26:16.0877 7940 ============================================================
21:26:16.0877 7940 Scan finished
21:26:16.0877 7940 ============================================================
21:26:16.0924 5056 Detected object count: 1
21:26:16.0924 5056 Actual detected object count: 1
21:27:11.0836 5056 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:11.0836 5056 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:27:22.0678 6188 Deinitialize success

#6
RKinner

    Malware Expert

Skip aswMBR for now and do the rest.

#7
NickyM

    New Member

Proxy....no proxy direct access
sfc /scannow no violations

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 02/02/2012 22:58:06

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 02/02/2012 22:58:54

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




OTL logfile created on: 2/2/2012 11:02:52 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nicky\Documents\OTL
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.58% Memory free
5.50 Gb Paging File | 3.81 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.22 Gb Total Space | 197.15 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
Drive D: | 290.22 Gb Total Space | 290.05 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 433.68 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: NICKY-PC | User Name: Nicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 17:46:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nicky\My Documents\OTL\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/05 09:22:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/24 16:51:19 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2009/08/12 22:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/12 21:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/10 05:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/06 17:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/08/06 17:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/04 05:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 13:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 16:01:12 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2007/07/03 16:48:02 | 000,064,000 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | -H-- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/04/29 15:59:12 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/08/10 05:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/08/10 02:49:40 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/02/03 00:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (All) ==========

SRV:64bit: - [2011/12/08 01:36:46 | 000,934,760 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (VaultSvc)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\lsass.exe -- (EFS)
SRV:64bit: - [2011/08/30 23:05:32 | 000,462,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV:64bit: - [2011/05/24 11:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2011/05/21 06:01:00 | 001,016,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysNative\nvvsvc.exe -- (nvsvc)
SRV:64bit: - [2011/05/04 05:24:09 | 000,593,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2011/03/28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2011/03/03 06:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2011/02/19 06:37:44 | 001,135,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2010/12/21 06:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/12/21 06:16:14 | 000,442,880 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\winhttp.dll -- (WinHttpAutoProxySvc)
SRV:64bit: - [2010/12/21 06:16:09 | 000,258,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient)
SRV:64bit: - [2010/11/02 05:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/14 06:45:57 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wcncsvc.dll -- (wcncsvc)
SRV:64bit: - [2010/08/27 06:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/08/21 06:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2010/06/02 23:50:44 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/14 01:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 01:41:59 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\WUDFSvc.dll -- (wudfsvc)
SRV:64bit: - [2009/07/14 01:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/14 01:41:58 | 002,018,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM)
SRV:64bit: - [2009/07/14 01:41:57 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum)
SRV:64bit: - [2009/07/14 01:41:57 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpcsvc.dll -- (WPCSvc)
SRV:64bit: - [2009/07/14 01:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time)
SRV:64bit: - [2009/07/14 01:41:56 | 000,353,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\upnphost.dll -- (upnphost)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2009/07/14 01:41:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wecsvc.dll -- (Wecsvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 01:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
SRV:64bit: - [2009/07/14 01:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiSystemHost)
SRV:64bit: - [2009/07/14 01:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiServiceHost)
SRV:64bit: - [2009/07/14 01:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wercplsupport.dll -- (wercplsupport)
SRV:64bit: - [2009/07/14 01:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WcsPlugInService.dll -- (WcsPlugInService)
SRV:64bit: - [2009/07/14 01:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\uxsms.dll -- (UxSms)
SRV:64bit: - [2009/07/14 01:41:55 | 000,706,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\termsrv.dll -- (TermService)
SRV:64bit: - [2009/07/14 01:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks)
SRV:64bit: - [2009/07/14 01:41:55 | 000,093,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService)
SRV:64bit: - [2009/07/14 01:41:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tbssvc.dll -- (TBS)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 01:41:54 | 001,780,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2009/07/14 01:41:54 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ssdpsrv.dll -- (SSDPSRV)
SRV:64bit: - [2009/07/14 01:41:54 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SessEnv.dll -- (SessionEnv)
SRV:64bit: - [2009/07/14 01:41:54 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sstpsvc.dll -- (SstpSvc)
SRV:64bit: - [2009/07/14 01:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 01:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 001,390,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pla.dll -- (pla)
SRV:64bit: - [2009/07/14 01:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/14 01:41:53 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2009/07/14 01:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/14 01:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qwave.dll -- (QWAVE)
SRV:64bit: - [2009/07/14 01:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr)
SRV:64bit: - [2009/07/14 01:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 01:41:53 | 000,186,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 01:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/14 01:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 01:41:53 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Sens.dll -- (SENS)
SRV:64bit: - [2009/07/14 01:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:28 | 000,368,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtckrm.dll -- (KtmRm)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (THREADORDER)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/14 01:41:18 | 000,300,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lltdsvc.dll -- (lltdsvc)
SRV:64bit: - [2009/07/14 01:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 01:41:18 | 000,023,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lmhsvc.dll -- (lmhosts)
SRV:64bit: - [2009/07/14 01:41:13 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\KMSVC.DLL -- (hkmsvc)
SRV:64bit: - [2009/07/14 01:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009/07/14 01:41:10 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2009/07/14 01:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 01:41:09 | 000,101,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPBusEnum.dll -- (IPBusEnum)
SRV:64bit: - [2009/07/14 01:41:08 | 000,845,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IKEEXT.DLL -- (IKEEXT)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:40:59 | 000,776,192 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\gpsvc.dll -- (gpsvc)
SRV:64bit: - [2009/07/14 01:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub)
SRV:64bit: - [2009/07/14 01:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:40:32 | 000,162,816 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\dps.dll -- (DPS)
SRV:64bit: - [2009/07/14 01:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 01:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 01:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/14 01:40:15 | 000,080,384 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2009/07/14 01:40:15 | 000,080,384 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2009/07/14 01:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/14 01:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 01:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009/07/14 01:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 01:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 01:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/14 01:39:55 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV:64bit: - [2009/07/14 01:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 01:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/14 01:39:49 | 000,532,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vds.exe -- (vds)
SRV:64bit: - [2009/07/14 01:39:48 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\UI0Detect.exe -- (UI0Detect)
SRV:64bit: - [2009/07/14 01:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2009/07/14 01:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 01:39:21 | 000,141,824 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\msdtc.exe -- (MSDTC)
SRV:64bit: - [2009/07/14 01:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:39:15 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Locator.exe -- (RpcLocator)
SRV:64bit: - [2009/07/14 01:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/14 01:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dllhost.exe -- (COMSysApp)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/30 16:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/04/19 15:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/04/19 15:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/12/03 19:05:52 | 000,089,600 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\HPZipm12.dll -- (Pml Driver HPZ12)
SRV:64bit: - [2008/12/03 19:05:48 | 000,071,680 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/13 14:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011/05/04 04:52:12 | 000,428,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2010/12/21 05:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWow64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/12/21 05:38:21 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/09/14 06:07:14 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wcncsvc.dll -- (wcncsvc)
SRV - [2010/08/04 07:05:58 | 000,696,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 13:03:06 | 000,135,664 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2009/12/24 13:03:06 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/08/14 18:12:42 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/12 22:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/06 17:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/07/28 19:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/14 01:39:48 | 000,194,048 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2009/07/14 01:39:09 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/14 01:16:20 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM) Windows Remote Management (WS-Management)
SRV - [2009/07/14 01:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/14 01:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2009/07/14 01:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2009/07/14 01:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009/07/14 01:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2009/07/14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 01:16:13 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2009/07/14 01:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\Sens.dll -- (SENS)
SRV - [2009/07/14 01:16:12 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2009/07/14 01:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 01:14:28 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2009/07/14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2009/07/14 01:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 20:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 20:30:59 | 000,042,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 20:30:45 | 000,856,384 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/06/04 13:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/21 21:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 21:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2006/10/26 21:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/30 18:47:04 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/02 22:28:56 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2011/09/27 00:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 250(UVC)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/08 23:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/03 02:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/03 02:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/07/26 02:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/26 02:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/26 02:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 07:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 11:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 11:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 11:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 23:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 23:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/30 22:59:24 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/04/09 21:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2008/07/23 14:18:42 | 000,118,272 | ---- | M] (AMOI Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S2usbser.sys -- (S2usbser)
DRV:64bit: - [2007/06/14 15:28:52 | 000,526,848 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV:64bit: - [2007/04/23 14:44:12 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camdrv42.sys -- (camdrv42)
DRV - [2012/02/02 17:22:05 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120202.002\ex64.sys -- (NAVEX15)
DRV - [2012/02/02 17:22:05 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120202.002\eng64.sys -- (NAVENG)
DRV - [2012/01/23 19:10:12 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/31 00:08:29 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/15 23:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120201.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/12/01 02:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...180s25by7012y1o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...180s25by7012y1o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/12 20:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/05 09:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/02 22:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/02 22:46:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/12 20:26:30 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Click to call with Skype = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: Norton Identity Protection = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\
CHR - Extension: Gmail = C:\Users\Nicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/02 21:15:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files (x86)\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} http://www.umediaser...diaControl5.cab (UMediaPlayer Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...067/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B159DBA-C247-46A2-A731-21B5A9298F13}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS -
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 21:51:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/02 21:28:34 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Nicky\Desktop\aswMBR.exe
[2012/02/02 20:57:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/02 20:57:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/02 20:57:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/02 20:57:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 20:48:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 20:09:48 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4F1D8E32-075C-4D04-AC47-1E7D215EB863}
[2012/02/02 17:46:13 | 000,000,000 | ---D | C] -- C:\Users\Nicky\Documents\OTL
[2012/02/02 08:09:20 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A56EDE06-F945-4390-930A-0CEAB95C845B}
[2012/02/02 08:09:08 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{010315DE-5D12-4496-9358-DA1DB1282577}
[2012/02/01 20:08:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0C19F869-58E0-42F6-B28E-45B1127EE106}
[2012/02/01 20:08:28 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{DD4108DB-D5B7-47AC-93E7-810F270BD0DB}
[2012/02/01 08:07:58 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{8571A02F-364D-40E9-A215-091F18A37F3D}
[2012/02/01 08:07:45 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0A26793F-174D-4C87-8B8C-516DA203969E}
[2012/01/31 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{C10BDBC0-9261-43EB-8577-46E912087E36}
[2012/01/31 10:25:35 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{D46797B1-CCE4-4F65-B012-CF7D20443028}
[2012/01/31 09:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/31 09:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/01/31 09:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/30 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B5AF97C4-8241-4A88-94E4-CC5F8F2B1CFA}
[2012/01/30 10:24:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{2BA65594-AD1F-408C-B155-A544D273034E}
[2012/01/30 10:24:20 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{5063C59D-A628-4B1E-98EE-229D684EB3FF}
[2012/01/29 22:23:47 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4D0AAB26-6871-42EB-B835-0C815A9647FD}
[2012/01/29 22:23:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{9374EA2E-1ABB-49B4-A339-31C1E0A14F4F}
[2012/01/29 12:35:07 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Roaming\Malwarebytes
[2012/01/29 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/29 12:34:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/29 12:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/29 10:23:05 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{8056A58C-2419-4D06-A487-7D6BF171005B}
[2012/01/29 10:22:54 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{387E5446-E4EA-48DE-B33F-D6CFDB6E6C0C}
[2012/01/28 22:22:14 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{55315423-61C4-4B1D-A0FF-11FD06EE2720}
[2012/01/28 10:21:47 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{F6693C25-9B3E-4980-9E00-91F6ACC3A902}
[2012/01/28 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{EC7EE414-2DA2-4B49-B4DE-CDCF73711FDF}
[2012/01/27 20:23:01 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B0B794E3-23EE-4F5F-AE8B-9A5C3B0306B7}
[2012/01/27 08:22:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{6AEC30CC-994F-4F94-A08D-1C8DA92DD7F9}
[2012/01/27 08:22:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3979976B-9DE8-414B-940C-54651DCD02AB}
[2012/01/26 20:19:02 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{2B1ACE76-3A10-4BCE-8DF0-C15746548339}
[2012/01/26 08:18:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{9703706B-7223-4DFB-9892-AE535C54019A}
[2012/01/26 08:18:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{71F5DB69-C190-4395-8855-1598CB353388}
[2012/01/25 20:03:54 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A9E58ECA-538C-4AD2-9D0A-7E367848C3AE}
[2012/01/25 20:03:42 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{392B7B64-4460-4D86-90DD-008501E27BCF}
[2012/01/25 08:03:08 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{036D4141-A769-40E0-BCC1-8BA461944AE9}
[2012/01/25 08:02:53 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{31289393-B698-4441-B739-735EE8581B34}
[2012/01/24 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{EE7F66C8-F3F5-4364-B463-89774679670F}
[2012/01/24 10:59:24 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0F5727FC-18F8-4B8C-9870-087D2DB67D6C}
[2012/01/23 22:58:55 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A79B9564-E262-4070-BE37-6683C3BDEAAF}
[2012/01/23 10:58:27 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{F6838556-6F0A-43F0-BCC8-39FB70823B3A}
[2012/01/23 10:58:16 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{ACDD3146-1B99-42F2-9A80-24B75E648574}
[2012/01/22 22:57:47 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{AC21F737-1B52-4073-A76D-71F8525B942F}
[2012/01/22 22:57:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0FECF01B-666C-49A9-A6CE-DAFB0DC7A1DA}
[2012/01/22 10:57:04 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{6644856E-05CC-4872-B935-78923CF6A6F2}
[2012/01/22 10:56:52 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{9ADCA69B-F049-4669-A599-A58DCD6D3E07}
[2012/01/21 10:21:29 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4E2DA6A9-1866-4CC7-95FC-C2C92D9B3801}
[2012/01/21 10:21:16 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A9ACD323-DF0A-43A3-A961-47D3203FDC8B}
[2012/01/20 20:33:24 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{52936200-FDDA-4CF6-B262-7D5E1B526BF9}
[2012/01/20 20:33:10 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{71EEEBDC-7B0A-446B-8CD0-7C4B23664661}
[2012/01/20 08:32:56 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{623AF009-8AD2-462F-B79A-24E66251436F}
[2012/01/20 08:32:44 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{7F6004D1-B0A0-42E8-B5A1-BADDE3AE45CE}
[2012/01/19 20:32:17 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{5B0E74B3-0A4F-4D4E-BC89-8966B4779035}
[2012/01/19 08:31:50 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{FF38C1F2-ABE1-4990-81B6-4A06A7CF4CE6}
[2012/01/19 08:31:38 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{17209A93-405E-464C-A80E-755794C525C4}
[2012/01/18 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{61121460-E53E-4258-A281-E35B2C6BA41F}
[2012/01/18 08:30:43 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{184FC1DF-6FA1-497C-8395-49D708D7BF89}
[2012/01/18 08:30:31 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{F0888F4A-F4B0-433F-B069-AE51D846CDCB}
[2012/01/17 20:30:03 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B1971A34-A393-4F2B-BE22-8AEC2FEA57E8}
[2012/01/17 19:22:36 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/17 19:22:36 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/17 19:22:36 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/17 19:22:36 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/17 19:22:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/17 19:22:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/17 08:29:36 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0BB9D917-3F71-4AEF-B184-2FB261B061CD}
[2012/01/17 08:29:25 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4E2D87E4-5AFA-49CB-8FE6-AE67AC621E1B}
[2012/01/16 20:12:37 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{2197CC0C-5B1F-41AE-A922-E2A24ED5B2F7}
[2012/01/16 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{32FB777B-F73A-4B15-9D1A-11D645A87136}
[2012/01/16 08:11:52 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{692E7D41-76E8-47AC-99B8-D820918A2D47}
[2012/01/16 08:11:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A77CFFFA-EFE5-48B3-A08B-A68C8CC19F52}
[2012/01/15 11:06:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{965EC31E-2C85-4455-95CC-5C1FF727714D}
[2012/01/15 11:06:29 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{8CBD33ED-5DD7-4D04-B418-C667B84DE954}
[2012/01/14 23:05:49 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A942FD11-77CB-4B2D-9C46-3A86A17D674D}
[2012/01/14 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{747B1845-B276-492C-BC7F-28BB92949DBD}
[2012/01/14 11:05:09 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B0002C78-2D2F-415D-B10F-4587045DDBC7}
[2012/01/13 20:30:52 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{50947D8C-3676-4E1C-B1CC-42857CCB7A62}
[2012/01/13 08:30:25 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{7C75D122-181D-47F0-8DB4-73E3CB579138}
[2012/01/13 08:30:13 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{FED8F461-446D-4DC6-9D93-EF2F13D90029}
[2012/01/12 20:29:45 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3891B9AB-DE0D-45B2-950A-FC728E2F6412}
[2012/01/12 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Roaming\AMPSoft
[2012/01/12 09:56:51 | 000,000,000 | ---D | C] -- C:\Users\Nicky\Desktop\Font Viewer
[2012/01/12 08:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{570046CB-2E7D-4ED9-B924-4659C97AE6E6}
[2012/01/12 08:29:08 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{FAD87E31-4877-45EC-9462-58646FEEF902}
[2012/01/11 20:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{40B036C7-1B3F-4527-B5F2-6B161809BEBA}
[2012/01/11 12:35:33 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 12:35:33 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 12:35:33 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 12:35:33 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 12:35:31 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 12:35:29 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 12:35:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/11 08:28:13 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{D29F1CFE-222C-4305-A07F-372CD6685DAA}
[2012/01/11 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3099D621-1581-4DDE-AD89-FC0E400A8B00}
[2012/01/10 20:17:15 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{F374FAB0-74DA-43A7-A601-E381A0B17AD0}
[2012/01/10 08:16:48 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{8C2B29A6-91A5-4E67-8731-FFF1726403FA}
[2012/01/10 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B6ED033C-62AC-473D-AA27-7C841CBE3014}
[2012/01/09 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{4858AB86-D296-490A-886B-F3B311B2E61A}
[2012/01/09 08:15:40 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{EC1DAD02-EC48-49D8-ADCD-ABC4E7962D95}
[2012/01/09 08:15:28 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{706ADE0D-44E4-4406-AD26-F73B8E6F8D80}
[2012/01/08 10:42:00 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3F730B9E-9973-411C-BFDD-98CFD58F79F3}
[2012/01/08 10:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{859A0A24-CDE0-4D71-BDC4-AB4B78C66C69}
[2012/01/07 22:41:10 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{E347EB03-3149-4553-AEBF-0DBDFE46D209}
[2012/01/07 22:40:58 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{24C974CB-BA1F-4E66-A350-390144F527CE}
[2012/01/07 14:58:24 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\House of 1000 Doors - Family Secrets Collector's Edition
[2012/01/07 14:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\House of 1000 Doors - Family Secrets Collector's Edition
[2012/01/07 14:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\House of 1000 Doors - Family Secrets Collector's Edition
[2012/01/07 10:40:30 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{45540253-7CF1-4807-9EF7-C45577742593}
[2012/01/07 10:40:18 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{1B1B77E9-28D0-4789-9AC9-B1FEE89E5225}
[2012/01/06 11:12:34 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{421B5EDD-B44C-4430-B7EC-60ED3702FF7A}
[2012/01/06 11:12:22 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{BE18B506-67FA-478B-A8BA-1EB880D01EFB}
[2012/01/05 23:11:53 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{A662AC82-DD2E-426B-A095-851EE29898BB}
[2012/01/05 11:11:26 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{699C4A6C-0CFC-4FE1-97FB-94462049B850}
[2012/01/05 11:11:14 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{6EDE7EAD-49D7-4D38-9E4E-4458FAE1030C}
[2012/01/04 23:10:46 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{912133B3-F3B2-4F07-939C-B119056C04AA}
[2012/01/04 23:10:35 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{DDD704C7-ECF0-47C4-97C2-2BF0A36C9C11}
[2012/01/04 11:10:07 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{0D6BAD2A-24B8-49E3-B469-209E17190CD4}
[2012/01/04 11:09:55 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{7773C070-A929-4B74-99C8-165B3DC459B6}
[2012/01/03 23:09:26 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{B36BD4A7-8635-4552-B7D3-9F7EF7A30864}
[2012/01/03 23:09:12 | 000,000,000 | ---D | C] -- C:\Users\Nicky\AppData\Local\{3B59AE18-7D30-4A79-8E35-ED9F4279CA7B}
[2009/08/14 17:54:53 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2012/02/02 23:01:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 22:51:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 22:51:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 22:44:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 22:43:58 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2012/02/02 22:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 22:43:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/02/02 22:43:52 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/02 21:28:34 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Nicky\Desktop\aswMBR.exe
[2012/02/02 21:15:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/02 16:35:38 | 000,000,452 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Nicky.job
[2012/02/01 08:13:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 20:12:42 | 000,000,134 | ---- | M] () -- C:\Users\Nicky\Desktop\Internet Explorer Troubleshooting.url
[2012/01/29 14:44:16 | 000,007,626 | ---- | M] () -- C:\Users\Nicky\AppData\Local\resmon.resmoncfg
[2012/01/25 15:57:28 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/25 15:57:28 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/25 15:57:28 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/24 13:57:16 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/07 14:58:59 | 000,008,320 | -H-- | M] () -- C:\Windows\wininit.ini
[2012/01/07 14:58:58 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Play House of 1000 Doors - Family Secrets Collector's Edition.lnk
[2012/01/07 14:58:58 | 000,001,342 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/01/04 10:10:58 | 000,000,592 | ---- | M] () -- C:\Windows\MRU.ini
[2012/01/04 09:51:27 | 001,899,003 | ---- | M] () -- C:\Users\Nicky\Documents\Messier List PDF.pdf

========== Files Created - No Company Name ==========

[2012/02/02 20:57:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/02 20:57:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/02 20:57:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/02 20:57:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/02 20:57:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/29 12:36:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 14:58:58 | 000,001,342 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/01/07 14:58:57 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Play House of 1000 Doors - Family Secrets Collector's Edition.lnk
[2012/01/04 09:51:26 | 001,899,003 | ---- | C] () -- C:\Users\Nicky\Documents\Messier List PDF.pdf
[2011/09/18 16:10:22 | 000,005,632 | ---- | C] () -- C:\Users\Nicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/06/11 14:46:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/05 14:11:11 | 000,000,391 | ---- | C] () -- C:\Users\Nicky\AppData\Roaming\prefsdb.dat
[2010/11/06 19:37:39 | 000,000,592 | ---- | C] () -- C:\Windows\MRU.ini
[2010/10/17 09:15:52 | 000,007,626 | ---- | C] () -- C:\Users\Nicky\AppData\Local\resmon.resmoncfg
[2010/08/29 18:12:48 | 000,001,456 | ---- | C] () -- C:\Users\Nicky\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/05 18:53:08 | 000,000,023 | ---- | C] () -- C:\Windows\SysWow64\PCSuiteConfigFile.ini
[2010/08/05 18:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\PCSuiteShareFile.ini
[2010/08/05 18:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\PCSuiteParamFile.ini
[2010/07/12 20:26:05 | 000,023,142 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/07/12 13:18:11 | 000,023,142 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/07/06 18:37:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/05 09:40:19 | 000,163,514 | ---- | C] () -- C:\Windows\hphins33.dat
[2010/02/01 18:11:19 | 000,008,320 | -H-- | C] () -- C:\Windows\wininit.ini
[2010/01/02 16:38:32 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/01/02 16:38:32 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009/12/21 21:52:41 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 10:17:52 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/01/04 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\.minecraft
[2011/04/20 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2011/09/11 10:38:44 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Adobe
[2011/05/31 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Aerohills
[2010/04/13 18:43:20 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Alawar Entertainment
[2012/01/12 09:59:04 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\AMPSoft
[2010/11/07 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Apple Computer
[2009/12/26 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\ArcSoft
[2010/04/08 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Artogon
[2010/07/06 19:23:49 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\AVS4YOU
[2011/06/11 13:22:10 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Big Finish
[2011/12/29 22:40:24 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Big Fish Games
[2010/02/01 19:05:13 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\BigFishGames
[2010/03/10 13:15:24 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\BloodTies
[2011/03/31 13:20:17 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Blue Tea Games
[2011/12/04 10:24:32 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Blueberry
[2011/10/29 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Boomzap
[2011/03/20 16:04:48 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\CursedOnboard
[2011/06/29 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\DailyMagic
[2011/01/28 15:16:18 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Dekovir
[2010/02/03 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Dragon Altar Games
[2010/12/28 17:12:36 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\EleFun Games
[2011/04/28 10:30:06 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Elephant Games
[2010/08/11 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Enlightenus2_BFG
[2011/01/19 22:14:40 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\ERS G-Studio
[2011/10/09 18:14:18 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\ERS Game Studios
[2011/10/08 14:08:14 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Fenomen Games
[2011/05/21 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\FlyWheelGames
[2009/12/25 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Friday's games
[2009/12/23 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\GameConsole
[2011/03/20 12:59:43 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\GameMill Entertainment
[2010/01/14 18:07:58 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\GamersDigital
[2011/05/15 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\GAMGO
[2010/02/05 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Gestalt Games
[2011/04/23 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Google
[2010/05/16 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\HdO Adventure
[2010/07/05 09:53:48 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\HP
[2010/07/23 15:56:26 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\HpUpdate
[2009/12/21 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Identities
[2009/12/26 19:15:06 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\InstallShield
[2011/05/02 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Lazy Turtle Games
[2010/01/13 18:36:25 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Leadertech
[2011/12/02 22:29:36 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\LogSys
[2011/04/20 13:44:01 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\MA2
[2009/12/21 17:38:04 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Macromedia
[2012/01/29 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Malwarebytes
[2011/05/04 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Maximize Games
[2009/07/14 07:44:38 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Media Center Programs
[2011/10/08 15:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\MediaArt
[2010/05/15 12:08:27 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Merscom
[2011/09/11 10:38:44 | 000,000,000 | --SD | M] -- C:\Users\Nicky\AppData\Roaming\Microsoft
[2011/04/15 11:37:40 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Mystery of Mortlake Mansion
[2009/12/25 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\MysteryStudio
[2010/02/20 11:41:13 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Nero
[2010/04/09 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Oberon 3 Days Zoo Mystery
[2011/06/05 14:11:39 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\perfect future studio
[2011/06/11 10:16:36 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\PlayFirst
[2010/02/11 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\PoBros
[2010/05/10 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Poser
[2011/12/03 13:32:58 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Poser 7
[2010/11/20 10:32:53 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Real
[2011/05/21 13:54:46 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Silverback Productions
[2011/11/22 22:11:21 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Skype
[2010/04/05 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Specialbit
[2010/11/04 15:59:03 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Stellarium
[2010/08/07 13:42:07 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\TikisLab
[2010/04/04 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Top Evidence
[2011/07/02 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\VampireSaga
[2010/08/08 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Vast Studios
[2011/05/08 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Windows Live Writer
[2010/04/03 21:03:00 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\WinRAR
[2010/04/20 19:07:29 | 000,000,000 | ---D | M] -- C:\Users\Nicky\AppData\Roaming\Yahoo!


< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 01:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 01:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 01:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/01/20 05:35:36 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

========== Alternate Data Streams ==========


< End of report >



OTL Extras logfile created on: 2/2/2012 11:02:52 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nicky\Documents\OTL
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.58% Memory free
5.50 Gb Paging File | 3.81 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.22 Gb Total Space | 197.15 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
Drive D: | 290.22 Gb Total Space | 290.05 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 433.68 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: NICKY-PC | User Name: Nicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18435829-4E75-4CD1-9796-A62DBBAE2ED7}" = DeepSkyStacker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
"{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1" = Amnesia - The Dark Descent Demo
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7814358B-1284-4305-AE5A-6667DBDF4771}" = ArcSoft WebCam Companion 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C977DE7-EC85-46E1-A7D9-52C04EB52AE6}" = S2 Mobile Modem
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114326367}" = Blood Ties
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114774927}" = Dream Chronicles 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118203740}" = Mirror Mysteries
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118295220}" = Born into Darkness
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118451570}" = 3 Days Zoo Mystery
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{919955B0-50EB-45DD-9165-C3BCFBF6B2D1}" = S2 PCSync
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ADE33365-CB20-4147-A962-2ADC4EF0EF78}" = Locomotion Demo
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE3A3BDB-93B0-4F19-ABB1-D63575210C6C}_is1" = Dig-N-Rig version 1.0
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{dcecd67a-83b9-491f-93bd-059cab7dff56}" = Nero 9 Essentials
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA57EFB9-A257-4DD0-BC6D-0FA5625F3421}" = ArcSoft PhotoImpression 5
"{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BB FlashBack Express" = BB FlashBack Express
"BFG-A Gypsy's Tale - The Tower of Secrets" = A Gypsy's Tale: The Tower of Secrets
"BFG-Antique Road Trip 2 - Homecoming" = Antique Road Trip 2: Homecoming
"BFG-Awakening - Moonfell Wood" = Awakening: Moonfell Wood
"BFG-Awakening - The Dreamless Castle" = Awakening: The Dreamless Castle
"BFG-Awakening - The Goblin Kingdom" = Awakening: The Goblin Kingdom
"BFG-Big City Adventure - Vancouver Collector's Edition" = Big City Adventure: Vancouver Collector's Edition
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Dimensions - City of Fog" = Dark Dimensions: City of Fog
"BFG-Dark Parables - The Exiled Prince Collector's Edition" = Dark Parables: The Exiled Prince Collector's Edition
"BFG-Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue" = Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
"BFG-Detective Agency 2 - The Banker's wife" = Detective Agency 2: Banker's wife
"BFG-Dream Chronicles - The Book of Air" = Dream Chronicles: The Book of Air
"BFG-Enlightenus II - The Timeless Tower Collector's Edition" = Enlightenus II: The Timeless Tower Collector's Edition
"BFG-Epic Adventures - Cursed Onboard" = Epic Adventures: Cursed Onboard
"BFG-Escape from Thunder Island" = Escape from Thunder Island
"BFG-Fear For Sale - Mystery of McInroy Manor" = Fear For Sale: Mystery of McInroy Manor
"BFG-Hallowed Legends - Samhain" = Hallowed Legends: Samhain
"BFG-Haunted Halls - Green Hills Sanitarium" = Haunted Halls: Green Hills Sanitarium
"BFG-Haunted Manor - Lord of Mirrors Collector's Edition" = Haunted Manor: Lord of Mirrors Collector's Edition
"BFG-Hidden Mysteries - Salem Secrets" = Hidden Mysteries&reg;: Salem Secrets
"BFG-Hidden Mysteries - Vampire Secrets" = Hidden Mysteries: Vampire Secrets
"BFG-Hidden Object Crosswords" = Hidden Object Crosswords
"BFG-House of 1000 Doors - Family Secrets Collector's Edition" = House of 1000 Doors: Family Secrets Collector's Edition
"BFG-Island - The Lost Medallion" = Island: The Lost Medallion
"BFG-Lost Lagoon - The Trail of Destiny" = Lost Lagoon: The Trail of Destiny
"BFG-Lost Souls - Enchanted Paintings" = Lost Souls: Enchanted Paintings
"BFG-Love Story - The Beach Cottage" = Love Story: The Beach Cottage
"BFG-Murder Island - Secret of Tantalus" = Murder Island: Secret of Tantalus
"BFG-Mysteries of Magic Island" = Mysteries of Magic Island
"BFG-Mystery Age - The Dark Priests" = Mystery Age: The Dark Priests
"BFG-Mystery Case Files - 13th Skull" = Mystery Case Files &reg;: 13th Skull ™
"BFG-Mystery Case Files - 13th Skull Collector's Edition" = Mystery Case Files &reg;: 13th Skull ™ Collector's Edition
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files&reg;: Dire Grove™
"BFG-Mystery Case Files - Escape from Ravenhearst" = Mystery Case Files&reg;: Escape from Ravenhearst™
"BFG-Mystery Chronicles - Betrayals of Love" = Mystery Chronicles: Betrayals of Love
"BFG-Mystery of the Earl" = Mystery of the Earl
"BFG-Nick Chase and the Deadly Diamond" = Nick Chase and the Deadly Diamond
"BFG-Nightfall Mysteries - Asylum Conspiracy" = Nightfall Mysteries: Asylum Conspiracy
"BFG-Penny Dreadfuls - Sweeney Todd Collector's Edition" = Penny Dreadfuls: Sweeney Todd Collector`s Edition
"BFG-Pirate Mysteries - A Tale of Monkeys, Masks, and Hidden Objects" = Pirate Mysteries: A Tale of Monkeys, Masks, and Hidden Objects
"BFG-Private Eye - Greatest Unsolved Mysteries" = Private Eye: Greatest Unsolved Mysteries
"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville ™
"BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
"BFG-PuppetShow - Souls of the Innocent Collectors Edition" = PuppetShow: Souls of the Innocent Collector's Edition
"BFG-Rasputin's Curse" = Rasputin's Curse
"BFG-Redemption Cemetery - Curse of the Raven" = Redemption Cemetery: Curse of the Raven
"BFG-Romancing the Seven Wonders - Great Pyramids" = Romancing the Seven Wonders: Great Pyramids
"BFG-Rooms - The Main Building" = Rooms: The Main Building
"BFG-Serpent of Isis - Your Journey Continues" = The Serpent of Isis: Your Journey Continues
"BFG-Shutter Island" = Shutter Island
"BFG-Silent Scream - The Dancer" = Silent Scream: The Dancer
"BFG-Spirits of Mystery - Amber Maiden" = Spirits of Mystery: Amber Maiden
"BFG-Spirits of Mystery - Amber Maiden Collector's Edition" = Spirits of Mystery: Amber Maiden Collector's Edition
"BFG-The Curse of the Ring" = The Curse of the Ring
"BFG-The Mystery of the Crystal Portal - Beyond the Horizon" = The Mystery of the Crystal Portal: Beyond the Horizon
"BFG-Time Dreamer" = Time Dreamer
"BFG-Vampireville" = Vampireville
"BFG-Veronica Rivers - The Order Of Conspiracy" = Veronica Rivers: The Order Of Conspiracy
"BFG-Virtual Villagers - The Tree of Life" = Virtual Villagers: The Tree of Life
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Flotilla Demo_is1" = Flotilla Demo v2.333
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Jewel Quest Mysteries Curse of the Emerald Tear" = Jewel Quest Mysteries Curse of the Emerald Tear (remove only)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Messenger Plus!" = Messenger Plus! 5
"Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries - The Edgar Allan Poe Conspiracy
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Poser 7_is1" = Poser 7.0.2
"Poser 8_is1" = Poser 8 (8.0.0.10157)
"RealPlayer 12.0" = RealPlayer
"Rigs of Rods 0.38.67" = Rigs of Rods 0.38.67
"Scratch" = Scratch
"Stellarium_is1" = Stellarium 0.10.6.1
"TescoDownloader" = Tesco Download Manager
"Vampire Saga - Pandora's Box" = Vampire Saga - Pandora's Box
"Vehicle Simulator_is1" = Vehicle Simulator
"Victoria 4.2 Morphs++ DAZ Studio Content ps_pe070_V4MorphsDS" = Victoria 4.2 Morphs++ DAZ Studio Content
"Victoria 4.2 Morphs++ ps_pe070_V4Morphs" = Victoria 4.2 Morphs++
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Nicky
"RegiStax 5.1" = RegiStax 5.1
"UnityWebPlayer" = Unity Web Player
"Wurm Online 3.0.1a" = Wurm Online 3.0.1a

========== Last 10 Event Log Errors ==========

[ Media Center Events ]
Error - 10/19/2011 7:10:05 AM | Computer Name = Nicky-PC | Source = MCUpdate | ID = 0
Description = 12:10:05 - Error connecting to the internet. 12:10:05 - Unable
to contact server..

Error - 10/19/2011 7:10:16 AM | Computer Name = Nicky-PC | Source = MCUpdate | ID = 0
Description = 12:10:11 - Error connecting to the internet. 12:10:11 - Unable
to contact server..


< End of report >


Sorry but I need to go to bed, it's 23.50 for me, I shall pick this up in the morning :) Thanks so much for the help so far

Edited by NickyM, 02 February 2012 - 05:51 PM.

  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
I was taking a nap so don't feel bad about going to bed. There doesn't seem to be any malware or other problems. You might try your Updates and see if they work now. Otherwise looks like we are done except for the cleanup:

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator. Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
NickyM

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok done what you asked, albeit from removing combofix as I put the files in one folder in documents, how do I remove it? I still can't update my PC, I now have error codes 800f0826 for SP1 KB976932 and KB632503, error code 80092004 for IE9 update and error code 80070005 for KB2529073. I followed the links in the error box for code 800f0826 (said find an update without that error code) followed MS instructions, downloaded the KB2529073 update and it still failed to configure windows. I'm lost with this. I have done what MS say to do....is this fixable? The system update readiness tool did pick up 2 corrupt files but I am unsure what to do from there. This is the LOG:


=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 13.0
2012-01-02 10:34

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs
(f) CBS MUM Corrupt 0x80070026 servicing\Packages\Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0.mum Line 1: XJ
(f) CBS Catalog Corrupt 0x800B0100 servicing\Packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat

Checking Package Watchlist

Checking Component Watchlist

Checking Packages

Checking Component Store
(f) CSI Manifest Missing 0x00000002 x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.16800_none_85fad4ab5f742796.manifest x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.16800_none_85fad4ab5f742796
(fix) CSI Manifest Missing CSI File Replaced File: x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.16800_none_85fad4ab5f742796.manifest From: C:\Windows\CheckSur\v1.0\windows6.1-servicing-x64-july15.cab

Summary:
Seconds executed: 2045
Found 3 errors
Fixed 1 errors
CSI Manifest Missing Total count: 1
Fixed: CSI Manifest Missing. Total count: 1
CBS MUM Corrupt Total count: 1
CBS Catalog Corrupt Total count: 1

Unavailable repair files:
servicing\packages\Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0.cat
servicing\packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat

Customer Experience report successfully uploaded. Thank you for participating. For more information, see the Microsoft Customer Experience Improvement Program on the Microsoft web site.
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
First see if you can uninstall
KB2562937
and
KB2616676
(You will need to click on View Installed Updates)

then

Look and see if you have these two files:

C:\Windows\servicing\Packages\Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0.mum
C:\Windows\servicing\Packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat

The tildes (~) may indicate that the line was shortened from the original.

Delete them if they exist. These are System Hidden files so if you can't see the servicing or Packages folders:

Close all programs so that you are at your desktop.
Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

You will probably need to take ownership of the files in order to delete them:

See THE MANUAL WAY, Option 2:
http://www.vistax64....rship-file.html

Then you need to delete the references to the files in the registry. Usually they will be in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\

(You may have to take ownership of a key in order to delete it but that is covered in the link I just gave you.)

Then run your system update readiness tool and see if it still complains.

Since you didn't follow instructions with Combofix you have to change the path to it in the uninstall command:

c:\users\Nicky\Documents\OTL\ComboFix.exe /uninstall
  • 0
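The triage done by eye in the reply above (reading the `(f)` lines of the CheckSUR log to decide which update packages, files and registry entries to look at) can be scripted. This is an added example, not code from the thread or from Microsoft: the sample lines are copied from the log in post #9, while the function names and the one-subkey-per-package-identity layout under the servicing key are assumptions of the example. It only reads the log and lists what to inspect.

```python
import re
from collections import namedtuple

# Lines copied from the CheckSUR log in post #9 of this thread, trimmed to the
# parts this parser reads (fields are space-separated, as shown on the page).
SAMPLE_LOG = r"""
Checking Package Manifests and Catalogs
(f) CBS MUM Corrupt 0x80070026 servicing\Packages\Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0.mum Line 1: XJ
(f) CBS Catalog Corrupt 0x800B0100 servicing\Packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat
Checking Component Store
(f) CSI Manifest Missing 0x00000002 x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.16800_none_85fad4ab5f742796.manifest x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.16800_none_85fad4ab5f742796
(fix) CSI Manifest Missing CSI File Replaced File: x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.16800_none_85fad4ab5f742796.manifest From: C:\Windows\CheckSur\v1.0\windows6.1-servicing-x64-july15.cab
Summary:
Found 3 errors
Fixed 1 errors
Unavailable repair files:
servicing\packages\Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0.cat
servicing\packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat
"""

# Key named in the reply above. Assumption of this example: each package has a
# subkey under it named after the package identity (file name minus extension).
CBS_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Component Based Servicing\Packages")

Finding = namedtuple("Finding", "kind code target kbs fixed")

FOUND_RE = re.compile(r"^\(f\)\s+(?P<kind>.+?)\s+(?P<code>0x[0-9A-Fa-f]{8})\s+(?P<rest>\S.*)$")
FIXED_RE = re.compile(r"^\(fix\)\s+.*?\bFile:\s+(?P<target>\S+)")
COUNT_RE = re.compile(r"^(Found|Fixed) (\d+) errors?$")
PKG_RE = re.compile(r"^servicing\\packages\\(?P<identity>.+)\.(?:mum|cat)$", re.IGNORECASE)
KB_RE = re.compile(r"KB\d+")


def parse_checksur(text):
    """Return (findings, unavailable_repair_files, summary_counts)."""
    found, fixed, unavailable, summary = [], set(), [], {}
    in_unavailable = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("unavailable repair files"):
            in_unavailable = True
        elif FOUND_RE.match(line):
            found.append(FOUND_RE.match(line).groupdict())
        elif FIXED_RE.match(line):
            fixed.add(FIXED_RE.match(line).group("target").lower())
        elif COUNT_RE.match(line):
            name, count = COUNT_RE.match(line).groups()
            summary[name.lower()] = int(count)
        elif in_unavailable and PKG_RE.match(line):
            unavailable.append(line)
        elif line:
            in_unavailable = False  # any other text ends the file list
    findings = []
    for f in found:
        target = f["rest"].split()[0]          # first field after the error code
        kbs = tuple(sorted(set(KB_RE.findall(f["rest"]))))
        findings.append(Finding(f["kind"], f["code"], target, kbs, target.lower() in fixed))
    return findings, unavailable, summary


def package_checklist(findings, unavailable, windir=r"C:\Windows"):
    """Per package with an unrepaired finding: files and CBS key to inspect."""
    packages = {}
    for f in findings:
        m = PKG_RE.match(f.target)
        if m and not f.fixed:
            entry = packages.setdefault(m.group("identity"), {"findings": [], "files": {}})
            entry["findings"].append((f.kind, f.code))
            entry["files"].setdefault(f.target.lower(), f.target)
    for path in unavailable:  # the tool could not repair these either
        entry = packages.get(PKG_RE.match(path).group("identity"))
        if entry is not None:
            entry["files"].setdefault(path.lower(), path)
    return [{
        "identity": identity,
        "kb": KB_RE.search(identity).group(0) if KB_RE.search(identity) else None,
        "findings": entry["findings"],
        "files": [windir + "\\" + entry["files"][k] for k in sorted(entry["files"])],
        "registry_key": CBS_KEY + "\\" + identity,
    } for identity, entry in sorted(packages.items())]


def counts_match_summary(findings, summary):
    """True when the parsed (f)/(fix) lines agree with the log's Summary totals."""
    return (len(findings) == summary.get("found")
            and sum(f.fixed for f in findings) == summary.get("fixed"))


if __name__ == "__main__":
    findings, unavailable, summary = parse_checksur(SAMPLE_LOG)
    print("parsed counts match Summary:", counts_match_summary(findings, summary))
    for pkg in package_checklist(findings, unavailable):
        print(pkg["kb"], pkg["findings"])
        for path in pkg["files"]:
            print("  file:", path)
        print("  key: ", pkg["registry_key"])
```

Checking the parsed counts against the log's own Summary lines is a quick way to confirm no `(f)` entry was missed before acting on the list.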

#11
NickyM

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi,
I did what you said above, although not command prompt to remove combofix, it said: not recognised as an internal or external command, operable or batch file

The MUM and CAT files were deleted, and the reg keys too, I now have this as the checksur log:

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 13.0
2012-02-04 13:17

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs
(f) CBS Catalog Missing 0x00000002 servicing\Packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat

Checking Package Watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-Killbits-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-WinPE-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist

Checking Component Watchlist
(f) CBS Watchlist Component Missing 0x80070002 amd64_microsoft-windows-activexcompat_31bf3856ad364e35_0.0.0.0_none_76422fde04163860 Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 amd64_microsoft-windows-activexcompat_31bf3856ad364e35_0.0.0.0_none_76422fde04163860 Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-activexcompat_31bf3856ad364e35_0.0.0.0_none_1a23945a4bb8c72a Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-activexcompat_31bf3856ad364e35_0.0.0.0_none_1a23945a4bb8c72a Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist

Checking Packages

Checking Component Store



I had A LOT of trouble getting the readiness tool to work, the 'installing' box kept freezing although my PC said checksur was running, I had to stop the process via task manager. At first it tried to load it to my external drive, I didn't tell it to.

I still can't update, through persistence I got ONE to update successfully (KB2632503) I still have KB2529073 and KB976932 as error 800f0826......and KB976422 error code 80070005....and IE9 update error code 80092004. I tried looking on MS website about these errors, it's too confusing as it deviates off in all directions.

I hope I did this right. Is there anything I can do to get these updates to work?

Thanks
Nicky
  • 0

#12
RKinner


    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Seems to have made it worse but with you installing stuff at the same time it's hard to tell.

I found this:

http://technet.micro...779(WS.10).aspx

Seems to be the definitive guide to fixing this type of problem. I would work through it and see if it helps.

If all else fails I believe Microsoft also offers free help with updates. http://support.microsoft.com/ph/6527

Try just

ComboFix.exe  /uninstall

Ron
  • 0

#13
NickyM


    New Member

  • Topic Starter
  • Member
  • 8 posts
Ok will give the guide a go, and the checksur log was done BEFORE I installed anything else....I did as you said deleting the files and reg keys....then ran checksur. Although it didn't work properly, I got that log. It was after that was done I managed to get the one update to install.

Would this help any? I haven't done anything with it....
http://support.microsoft.com/kb/971058

Edited by NickyM, 04 February 2012 - 10:57 AM.

  • 0

#14
NickyM


    New Member

  • Topic Starter
  • Member
  • 8 posts
I got system update readiness tool to run today, this is the log:


=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 13.0
2012-02-05 10:59

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs
(f) CBS Catalog Missing 0x00000002 servicing\Packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat

Checking Package Watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-Killbits-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-WinPE-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist

Checking Component Watchlist
(f) CBS Watchlist Component Missing 0x80070002 amd64_microsoft-windows-activexcompat_31bf3856ad364e35_0.0.0.0_none_76422fde04163860 Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 amd64_microsoft-windows-activexcompat_31bf3856ad364e35_0.0.0.0_none_76422fde04163860 Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-activexcompat_31bf3856ad364e35_0.0.0.0_none_1a23945a4bb8c72a Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-activexcompat_31bf3856ad364e35_0.0.0.0_none_1a23945a4bb8c72a Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist

Checking Packages

Checking Component Store

Summary:
Seconds executed: 1567
Found 9 errors
CBS Catalog Missing Total count: 1
CBS Watchlist Package Missing Total count: 4
CBS Watchlist Component Missing Total count: 4

Unavailable repair files:
servicing\packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat

Customer Experience report successfully uploaded. Thank you for participating. For more information, see the Microsoft Customer Experience Improvement Program on the Microsoft web site.


I have had a look for some of the named files but couldn't find what I thought I need, could you let me know what I need to find please? Thanks
  • 0
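An added example, not part of the original posts: a small Python parser for a CheckSUR log like the one above, which groups the (f) failures by category, collects the KB numbers they reference and lists the unavailable repair files. The sample log is constructed by shortening the posted one, and the name parse_checksur is hypothetical; a log with no Summary section, like the earlier one in this thread, leaves "reported" as None.

```python
import re
from collections import Counter

# Constructed sample, shortened from the CheckSUR log in the post above.
SAMPLE_LOG = r"""Checking Package Manifests and Catalogs
(f) CBS Catalog Missing 0x00000002 servicing\Packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat

Checking Package Watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Package Missing 0x80070002 Microsoft-Windows-Killbits-Package~31bf3856ad364e35~amd64~~0.0.0.0 Package_3_for_KB2562937~31bf3856ad364e35~amd64~~6.1.1.0 Package registry presence failed, possibly an orphaned package on package watchlist

Summary:
Found 3 errors

Unavailable repair files:
servicing\packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_for_KB2616676~31bf3856ad364e35~amd64~~6.1.1.0.cat
"""

# "(f) <category> <0xHRESULT> <detail>"; fields may be split by tabs or spaces.
ERROR_RE = re.compile(r"^\(f\)\s+(?P<category>.+?)\s+(?P<code>0x[0-9A-Fa-f]{8})\s+(?P<detail>.*)$")
FOUND_RE = re.compile(r"Found (\d+) errors?")

def parse_checksur(text):
    """Return failures, per-category counts, KB ids and unavailable repair files."""
    errors, repair_files, reported, in_repair = [], [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m, found = ERROR_RE.match(line), FOUND_RE.fullmatch(line)
        if line == "Unavailable repair files:":
            in_repair = True
        elif not line:
            in_repair = False  # a blank line ends the repair-file list
        elif in_repair:
            repair_files.append(line)
        elif m:
            errors.append(m.groupdict())
        elif found:
            reported = int(found.group(1))  # count stated in the Summary section
    kbs = sorted({kb for e in errors for kb in re.findall(r"KB\d+", e["detail"])})
    return {"errors": errors, "reported": reported, "kbs": kbs,
            "by_category": Counter(e["category"] for e in errors),
            "repair_files": repair_files}

if __name__ == "__main__":
    result = parse_checksur(SAMPLE_LOG)
    print(result["by_category"], result["kbs"], result["repair_files"], sep="\n")
```
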

#15
RKinner


    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Try the link you found

http://support.microsoft.com/kb/971058

Perhaps their fixit will fixit

You could also try removing any reference to

_KB2616676 from

c:\Windows\winsxs\manifests\
  • 0





