s.m.a.r.t. repair virus



#1
Alexandra D. Porsi

  • Member
  • 34 posts
Yesterday my programs suddenly started shutting down and then I got popups about how my hard drive crashed. Then a "s.m.a.r.t. check" program started running telling me it was trying to salvage my hard drive. I rebooted, and got the same messages and the same "s.m.a.r.t. check" program opening. This happens whenever I reboot.

Now I have nothing in my taskbar or my start menu.

MS Security Essentials found four instances of Trojan:Win32/FakeSysdef and one of Exploit:Java/CVE-2010-4452, and keeps saying it's removing them, but it's utterly useless, because when I reboot, the mess is still there. Oh and also, since this happened yesterday, whenever I download my emails to Thunderbird, I get multiple instances of the same emails whenever I check my mail.

THANKS so much for any help you can give me.

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Try Safe Mode with Networking

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

If this is the same bug that I know then it won't come up in this mode. You can then

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
Alexandra D. Porsi

  • Topic Starter
  • Member
  • 34 posts
Thank you for your help.

OTL logfile created on: 4/26/2012 3:37:23 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.28% Memory free
6.19 Gb Paging File | 5.17 Gb Available in Paging File | 83.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 20.93 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 198.52 Gb Free Space | 66.60% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 255.67 Gb Free Space | 54.91% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 15:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
PRC - [2012/04/25 17:33:14 | 000,924,600 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/24 17:32:38 | 001,716,784 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2012/03/23 11:16:14 | 000,180,648 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/08 21:31:28 | 000,079,872 | -H-- | M] (SanDisk Corporation) -- C:\Users\alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | -H-- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/17 01:28:48 | 000,818,176 | -H-- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | -H-- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2006/09/28 16:20:00 | 000,049,152 | -H-- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/26 10:51:17 | 000,645,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\bb59367b0fe74f712ada2b428dfae27e\PCGPostBootResources.ni.dll
MOD - [2012/04/26 10:51:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\46ce461efb05e22ee95c3bb3dc6ea57a\PCGHIDProbe.ni.dll
MOD - [2012/04/26 10:51:17 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\314d85da1d125dd808783c45ecb78afe\PCGRSPProbe.ni.dll
MOD - [2012/04/26 10:51:16 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\e6124e9982d6012a1c4f370f473a07a1\Community.CsharpSqlite.ni.dll
MOD - [2012/04/26 10:51:15 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\206a8c5a109cb7712169e738c712bc1d\PCGWuInfo.ni.dll
MOD - [2012/04/26 10:51:15 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\fb4a2eb4e6734597ceb50b4a14984352\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2012/04/26 10:51:14 | 000,177,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\7259192f480c116200d1c6db9f6637e4\PCGAppControlPluginLoader.ni.dll
MOD - [2012/04/26 10:51:14 | 000,067,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\fb024855b4c85b2d3c4b7686e4524e2e\PCGUsersCenter.ni.dll
MOD - [2012/04/26 10:51:13 | 004,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\2d6baa7b56c5b90a9192030319507adf\PCGClientCommon.ni.dll
MOD - [2012/04/26 10:51:09 | 000,197,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\3f626f0c59a0727dedff05552d32be6a\PCGBootVisualizingCommon.ni.dll
MOD - [2012/04/26 10:51:08 | 000,065,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\ca6517ae52900df33444733cdddf4579\PCGConfiguration.ni.dll
MOD - [2012/04/26 10:51:06 | 003,942,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\e20bf999d9f4e8e15caaed2d6f30b448\PCGDatabase.ni.dll
MOD - [2012/04/26 10:51:03 | 001,356,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\65ac88b7b25cf1d482a1ce6808d51cfb\PCGAzureShared.ni.dll
MOD - [2012/04/26 10:51:03 | 000,048,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\f574a40e270583b5e9bb8c4ee6822926\PCGAzureEntityFramework.ni.dll
MOD - [2012/04/26 10:51:02 | 001,290,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\bdaed6a39defa75aad47cf36fa1f1a54\PCGCommunication.ni.dll
MOD - [2012/04/26 10:50:59 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\04f6adeeba66f36a3c4b3f17babf97ed\PCGDriverProbe.ni.dll
MOD - [2012/04/26 10:50:58 | 002,845,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\9d368d4e540942c17a2de5becf3c6d5f\PCGPreCompiled.ni.dll
MOD - [2012/04/26 10:50:56 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\393b0aa8da675735c82bac6b966a92da\Ionic.Zip.Reduced.ni.dll
MOD - [2012/04/26 10:50:56 | 000,206,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\116f6409e5e93341e243ed3a142bc752\PCGPrestoSerializer.ni.dll
MOD - [2012/04/26 10:50:53 | 002,665,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\6e8a390df32136e9fc9b7356d8d84c86\PCGFramework.ni.dll
MOD - [2012/04/26 10:50:49 | 002,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\fed6e2336954f04a17f28acf5d8bdc5d\Soluto.ni.exe
MOD - [2012/04/25 17:33:13 | 001,952,696 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/24 17:13:38 | 000,071,216 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2012/04/13 17:18:30 | 008,797,344 | -H-- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | -H-- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/08/09 16:10:00 | 002,516,480 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\08d43352c20674454742c5bc699b2da9\System.Data.Linq.ni.dll
MOD - [2011/08/09 16:09:06 | 002,295,296 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll
MOD - [2011/08/09 16:09:01 | 000,212,992 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011/08/09 16:08:18 | 012,430,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/08/09 16:08:09 | 001,587,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/08/09 16:08:04 | 005,450,752 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/08/09 16:07:57 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/08/09 16:07:45 | 007,950,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/08/09 16:07:23 | 011,490,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/04/13 15:32:14 | 000,165,376 | -H-- | M] () -- C:\Program Files\Taskbar Shuffle\tbhookin.dll
MOD - [2007/05/22 10:59:22 | 000,128,512 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/25 17:33:15 | 000,129,976 | -H-- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012/04/13 17:18:31 | 000,253,088 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/11 13:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 11:48:12 | 000,025,704 | RH-- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/04/19 19:43:50 | 000,079,360 | -H-- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/03 11:24:29 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/30 11:16:12 | 001,107,336 | -H-- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/02/23 11:43:54 | 000,307,200 | -H-- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 19:40:12 | 000,174,656 | -H-- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/28 16:20:00 | 000,049,152 | -H-- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/24 17:13:24 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto)
DRV - [2011/07/28 06:27:08 | 000,121,464 | -H-- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/12/24 15:27:44 | 000,025,704 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/12/24 15:27:44 | 000,025,704 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/12/24 15:27:44 | 000,025,704 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/12/24 15:27:44 | 000,025,704 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/12/24 15:27:44 | 000,025,704 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/10/24 22:25:38 | 000,054,144 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/04 02:48:12 | 001,177,624 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/02 04:44:10 | 000,056,572 | -H-- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/15 01:15:42 | 000,813,696 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/04/06 22:24:08 | 001,040,544 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/04/06 22:24:08 | 000,110,624 | -H-- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/17 09:07:00 | 007,624,192 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/06 15:01:48 | 000,016,512 | -H-- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/11/02 03:36:43 | 002,028,032 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/11/02 16:47:26 | 000,010,368 | RH-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/21 15:03:22 | 000,078,976 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2002/03/19 10:29:16 | 000,014,165 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.netflix.c...Now?lnkctr=mhWN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 F3 3D 06 4D B7 22 47 B1 57 05 BF 86 76 7B D5 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKCU\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/02/14 14:33:29 | 000,000,000 | -H-D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\alex\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:26:36 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/14 10:29:27 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 17:33:15 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 10:19:31 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/22 08:24:53 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/14 10:19:31 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\alex\AppData\Roaming\Move Networks [2009/10/03 09:23:25 | 000,000,000 | -H-D | M]

[2010/01/24 15:51:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions
[2010/01/24 15:51:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/08/15 21:00:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2012/04/25 21:21:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions
[2011/07/02 09:53:10 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/01 13:22:26 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/02 13:40:43 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/16 09:36:02 | 000,000,000 | -H-D | M] (ChromEdit Plus) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/03/11 11:12:24 | 000,000,000 | -H-D | M] (Search Toolbar) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/02/20 13:03:58 | 000,000,000 | -H-D | M] (TinEye Reverse Image Search) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2012/01/12 19:52:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/25 17:33:14 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/02/04 23:02:56 | 001,642,496 | -H-- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2005/11/29 18:28:00 | 000,626,688 | -H-- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPinfotl.dll
[2012/02/15 11:06:20 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 11:06:20 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: ebrary Reader (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPinfotl.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/08/12 18:14:25 | 000,000,098 | -H-- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{235DD92E-E440-412C-938E-2422C8087442}: DhcpNameServer = 68.87.75.194 68.87.64.146 68.87.72.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35148E20-38E3-4AD5-BE2B-B0D81E7D89B2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Users\alex\Desktop\for tumblr\red\tumblr_lnumhhpSHP1qz6f9yo1_500.jpg
O24 - Desktop BackupWallPaper: C:\Users\alex\Desktop\for tumblr\red\tumblr_lnumhhpSHP1qz6f9yo1_500.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/12 10:36:24 | 000,000,000 | -H-D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 15:36:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
[2012/04/26 10:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012/04/26 10:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/04/25 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\RK_Quarantine
[2012/04/25 19:06:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\HitmanPro
[2012/04/25 19:05:01 | 007,247,536 | -H-- | C] (SurfRight B.V.) -- C:\Users\alex\Desktop\HitmanPro36.exe
[2012/04/25 17:38:38 | 000,000,000 | -H-D | C] -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/04/25 17:33:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/25 17:33:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Mozilla
[2012/04/19 19:19:54 | 000,000,000 | -H-D | C] -- C:\Users\alex\Desktop\op art
[2012/04/02 18:11:33 | 000,418,464 | -H-- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/04/26 15:41:28 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7A482A68-0330-4A8D-9FD3-200B36A2F2C2}.job
[2012/04/26 15:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
[2012/04/26 15:32:26 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 15:32:26 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 15:32:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 15:21:00 | 000,000,886 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 15:18:00 | 000,000,830 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 13:44:00 | 000,000,868 | -H-- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/04/25 20:41:46 | 001,280,512 | ---- | M] () -- C:\Users\alex\Desktop\RogueKiller.exe
[2012/04/25 19:23:45 | 000,000,832 | -H-- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.exe - Shortcut.lnk
[2012/04/25 19:17:52 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-99pTpasZWTBhuXr
[2012/04/25 19:17:52 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-99pTpasZWTBhuX
[2012/04/25 19:17:46 | 000,000,256 | -H-- | M] () -- C:\ProgramData\99pTpasZWTBhuX
[2012/04/25 19:15:07 | 000,055,084 | -H-- | M] () -- C:\Windows\System32\BMXStateBkp-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/25 19:15:07 | 000,055,084 | -H-- | M] () -- C:\Windows\System32\BMXState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/25 19:15:07 | 000,000,788 | -H-- | M] () -- C:\Windows\System32\DVCState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/25 19:12:55 | 000,000,633 | -H-- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/04/25 19:12:29 | 000,221,696 | -H-- | M] () -- C:\ProgramData\99pTpasZWTBhuX.exe
[2012/04/25 19:05:17 | 007,247,536 | -H-- | M] (SurfRight B.V.) -- C:\Users\alex\Desktop\HitmanPro36.exe
[2012/04/25 17:54:16 | 000,328,496 | -H-- | M] () -- C:\Users\alex\Desktop\vista-32-sm-reset.exe
[2012/04/25 17:38:38 | 000,000,609 | -H-- | M] () -- C:\Users\alex\Desktop\Data_Recovery.lnk
[2012/04/25 17:30:44 | 000,300,544 | -H-- | M] () -- C:\ProgramData\LHWmcRqHquM.exe
[2012/04/24 17:13:24 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2012/04/18 19:21:38 | 000,600,450 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/18 19:21:38 | 000,102,988 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/18 10:00:02 | 000,168,339 | -H-- | M] () -- C:\Users\alex\Desktop\21317414567(2).htm
[2012/04/18 09:59:56 | 000,172,752 | -H-- | M] () -- C:\Users\alex\Desktop\21317414567.htm
[2012/04/18 08:14:34 | 000,415,855 | -H-- | M] () -- C:\Users\alex\Desktop\choreography for belly dance.pdf
[2012/04/13 17:18:31 | 000,418,464 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/13 17:18:31 | 000,070,304 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/11 08:58:00 | 000,130,003 | -H-- | M] () -- C:\Users\alex\Desktop\themostawesomestoryieverhe.jpg
[2012/04/06 19:16:40 | 000,186,092 | -H-- | M] () -- C:\Users\alex\Desktop\Exotic Identities - Dance, Difference,.pdf
[2012/04/06 19:16:23 | 001,322,829 | -H-- | M] () -- C:\Users\alex\Desktop\The Many Faces of Spirituality - A Conceptual Framework.pdf
[2012/04/06 19:15:22 | 000,146,373 | -H-- | M] () -- C:\Users\alex\Desktop\Sacred Embodiment - Fertility Ritual, Mother Goddess, and Cultures of Belly Dance.pdf
[2012/04/04 15:56:40 | 000,022,344 | -H-- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/25 20:41:46 | 001,280,512 | ---- | C] () -- C:\Users\alex\Desktop\RogueKiller.exe
[2012/04/25 19:23:45 | 000,000,832 | -H-- | C] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.exe - Shortcut.lnk
[2012/04/25 19:12:56 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-99pTpasZWTBhuXr
[2012/04/25 19:12:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-99pTpasZWTBhuX
[2012/04/25 19:12:51 | 000,000,256 | -H-- | C] () -- C:\ProgramData\99pTpasZWTBhuX
[2012/04/25 19:12:28 | 000,221,696 | -H-- | C] () -- C:\ProgramData\99pTpasZWTBhuX.exe
[2012/04/25 18:28:38 | 000,000,633 | -H-- | C] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/04/25 17:54:18 | 000,328,496 | -H-- | C] () -- C:\Users\alex\Desktop\vista-32-sm-reset.exe
[2012/04/25 17:38:38 | 000,000,609 | -H-- | C] () -- C:\Users\alex\Desktop\Data_Recovery.lnk
[2012/04/25 17:32:53 | 000,300,544 | -H-- | C] () -- C:\ProgramData\LHWmcRqHquM.exe
[2012/04/18 10:00:02 | 000,168,339 | -H-- | C] () -- C:\Users\alex\Desktop\21317414567(2).htm
[2012/04/18 09:59:56 | 000,172,752 | -H-- | C] () -- C:\Users\alex\Desktop\21317414567.htm
[2012/04/18 08:14:33 | 000,415,855 | -H-- | C] () -- C:\Users\alex\Desktop\choreography for belly dance.pdf
[2012/04/11 08:57:57 | 000,130,003 | -H-- | C] () -- C:\Users\alex\Desktop\themostawesomestoryieverhe.jpg
[2012/04/09 18:27:55 | 130,462,258 | -H-- | C] () -- C:\Users\alex\Desktop\999576_japanese_enema_squirting_schoolgirls_torture_censored.flv
[2012/04/06 19:16:40 | 000,186,092 | -H-- | C] () -- C:\Users\alex\Desktop\Exotic Identities - Dance, Difference,.pdf
[2012/04/06 19:16:23 | 001,322,829 | -H-- | C] () -- C:\Users\alex\Desktop\The Many Faces of Spirituality - A Conceptual Framework.pdf
[2012/04/06 19:15:22 | 000,146,373 | -H-- | C] () -- C:\Users\alex\Desktop\Sacred Embodiment - Fertility Ritual, Mother Goddess, and Cultures of Belly Dance.pdf
[2012/04/02 18:11:34 | 000,000,830 | -H-- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/08/20 14:35:26 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/07/28 09:35:50 | 000,021,064 | -H-- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/15 19:58:04 | 000,000,107 | -H-- | C] () -- C:\Windows\IfoEdit.INI
[2011/04/02 09:19:45 | 002,440,206 | -H-- | C] () -- C:\Users\alex\AppData\Local\[j0007]-[p04].bmp
[2011/01/01 16:32:48 | 000,134,656 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/15 09:46:35 | 000,027,648 | -H-- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/09/12 19:55:38 | 000,000,021 | -H-- | C] () -- C:\Windows\SurCode.INI
[2010/06/12 19:47:53 | 000,000,411 | -H-- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc


OTL Extras logfile created on: 4/26/2012 3:37:23 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.28% Memory free
6.19 Gb Paging File | 5.17 Gb Available in Paging File | 83.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 20.93 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 198.52 Gb Free Space | 66.60% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 255.67 Gb Free Space | 54.91% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.txt [@ = UltraEdit.txt] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe (Just Great Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2442573536-1488855162-1681777626-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A61068E-AF51-47A0-AF56-654D0EABE249}" = lport=139 | protocol=6 | dir=in | app=system |
"{0EB3B3BF-1183-4FE2-85F7-1B6CC4B5159C}" = lport=445 | protocol=6 | dir=in | app=system |
"{15AFAB41-EDA5-40BD-A37C-D9A0161C2CD6}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{29CCD703-500C-4D11-B287-A47B44EFD303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B8893A0-3884-4528-BA2E-38A3F8E8CF60}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3E49A225-E678-4DDE-9015-6553E45A69B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{4038EFFB-7D71-41E1-B0AE-FD532312E8D5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6040620C-592E-408B-8E3B-AF68998902BF}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{6B78FB99-7797-4CDC-AE23-201C5766E4CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{6CEF94DE-5587-4AE9-8759-A56E662A2D0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7F18FCC7-B8E6-4A2E-86DA-95604B5DB3F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{82223F1B-E3E6-4AF4-90D6-1EFE2B915501}" = lport=137 | protocol=17 | dir=in | app=system |
"{9547474B-A7D5-42F8-9665-AF37D113CC61}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B635F82A-DD9A-4A45-8AB4-90BBC3CA0F13}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBEE5015-0BA3-4BD8-82FF-4ADC29448508}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1C45677-C154-4B69-AE03-5F86A20F65BD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A318EF-1D3D-487C-A2B8-3DB7916207B9}" = protocol=1 | dir=out | [email protected],-28544 |
"{052F3C07-3AE3-493C-B8F6-0EE6A483AF2A}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{085A49E2-09B2-4678-ABD9-ABEEC723C46C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{0A759F7D-4116-422F-B650-83AF42D47233}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{0B0C296D-322E-41A3-A558-94A82EC98E62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{162569D2-1D83-47F3-A830-78F4FC792DA2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1F2C3B31-DF0D-4561-9D20-7EEEECE9A838}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{245FAF7D-EC39-41AC-B53E-12E9141E3C3B}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"{2E899EC9-FF02-4952-8A7A-E2DD62156372}" = protocol=58 | dir=in | [email protected],-28545 |
"{2F6487CB-7C36-4073-A714-C07BCEADEE7D}" = protocol=58 | dir=out | [email protected],-28546 |
"{37A15A7E-5A6B-4EDC-9799-A854FAE30C01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{38DC1F46-6EF7-49F9-A0D5-4F8CE3DFDCAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{3A0D67DE-CAC0-4599-8768-8C9B44B73DFE}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"{449BB237-6993-455B-AE20-86F19B8ADB02}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F023A69-76F9-46A3-9376-2315ECFF8C3E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{50293A16-D8DD-4CFC-83D1-ACFB8A404F1E}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{56E1C7C2-C1F8-4AA9-9C99-AA23D172ED2B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{56F453EE-1FE3-4A55-AE71-1FBFC9DC97CD}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{5B167275-8EA1-47F3-BB1E-395F39E59025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5D73BD3B-F6AD-4845-9192-340FD00BE82C}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{5FAAB370-35A4-483A-A483-CF59E4FCF64A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{60547672-D26A-4754-B721-55A8FF26E7A3}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{65B84A74-54C9-43C5-945D-A91005A71AF6}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{673A2265-5058-44D3-983C-72610D2D9635}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{6B2987AF-C63B-4D82-A0E7-DD2385257BBE}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{6F4A56A5-0388-4FDD-A80D-B8E3EAE0DF26}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{74B015F5-4E97-43E8-A9AE-1006E413E8E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7977FF99-2CC1-4AD9-9E4A-E440A1D6D834}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7A3AC36C-04E4-4281-9AAD-F36F1780E726}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{85D65DFE-7C64-4605-B6FA-21B2BAEE0218}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{85DE0597-FD17-4F0B-BF0C-7723DD3D0D46}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8668AA27-65BC-4FF0-BA9F-FACE96D6CAAD}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8FB2E442-21F5-491D-B246-EF858E4A5DD6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{91D84927-2CDB-46EB-A2B7-3F6A3A894FC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95C519AD-3160-4AE6-9BA2-67D6E6300DBA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9CC3DF03-3451-459E-BFBF-1B2FC44B9F55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A46D5082-54D4-465F-BDF5-3846F04DA900}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{A96EE951-91BA-4AF1-B89C-03B81A85FA06}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{ACA28629-DB9A-41E4-A47C-3A2FB436230C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AD759016-5028-437D-AAED-2C6B3F105868}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{ADCD8F4E-495B-4CAB-A4B7-29CEF2900295}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B9CCC459-7DEA-462A-8CAD-A742492CDF6F}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{BC142752-54D9-4EFF-9C0A-EB5E480C0448}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{BE8B1420-C6D4-44B9-9833-EDFB2BB922F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{BF80347A-CB73-424B-A262-45AFAFAE73D5}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{D18C8CB1-D0A8-4E1F-8335-123302A1E4E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{DECA9B41-B267-45E5-8A5E-35EFEF5C926A}" = protocol=1 | dir=in | [email protected],-28543 |
"{DEE9D2F6-BF23-48DC-8E36-728D35360E76}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{E8641A48-4124-48FE-B732-596E4ED633AC}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{F8BED84C-BD7C-4C44-A02F-AB9921238143}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FA8C1F2A-F973-442F-BC31-641F67C76C82}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{1829060D-62B5-4F08-920F-F4F643EFA910}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{1D47D97C-DF02-4FC8-A5DD-89FE2FBADF2A}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"TCP Query User{2FD0CBEC-F137-4583-B05F-8B1A2ED073F2}C:\users\alex\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\alex\desktop\utorrent.exe |
"TCP Query User{30CE7D55-E1C0-40B3-80CD-DCDF04A980C4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{30D2992F-CC04-403C-B582-91E5B27266EB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{33C5C8A8-9F2E-4331-970E-3C51E70722A1}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{3834DD30-F508-4387-82C9-18E3D201DC11}C:\program files\nextup-acapela\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\nextup-acapela\bin\acatel_srv.exe |
"TCP Query User{3C0FFFAE-BDFC-4FAD-987A-8ABA0946410F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{42E4A520-A33B-48E1-80A6-B07C5E8B2F16}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{57E4977F-7AA9-4904-8DC7-C589A2A9E574}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{68D4A33F-33F1-440D-ACB9-C42DD797FD22}C:\program files\surfoffline 2\so.exe" = protocol=6 | dir=in | app=c:\program files\surfoffline 2\so.exe |
"TCP Query User{785BB600-24A1-4468-8821-AAC3CA16C8BB}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{78A7EE0E-0647-4FEF-AC26-8B6D743133A3}C:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe |
"TCP Query User{7A23A9EC-9CC3-4226-9DD5-C2682FB56ED0}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe |
"TCP Query User{7D6C0D17-F4D7-4A22-9CC4-9AEBE01CCA4E}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{8678FC81-2728-4571-A37F-ACA241819491}C:\program files\adobe\adobe encore cs4\adobe encore.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe encore cs4\adobe encore.exe |
"TCP Query User{971DF3D5-F179-473A-9142-9C519389FE97}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{B42501B5-7770-427B-B2E4-C17F4C15CABA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{D881930A-685D-441A-ADCD-BD2192A33580}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DC0E3183-652B-465F-B6E3-6B0F880E66EB}C:\program files\adobe\adobe premiere pro cs4\pproheadless.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe |
"TCP Query User{E35F87D0-E203-4CB4-ACDE-DA1E1AD50D7B}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"TCP Query User{E5AD1E08-8E97-4C8D-9AC0-D5F2B0125D30}C:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe |
"TCP Query User{F8D5AF4E-0D16-46E0-80C6-4A2315567DDD}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{0AEAC2DC-E4C0-4B3C-9B8A-EDD7EF7CC11B}C:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe |
"UDP Query User{114FA411-346A-43A8-B5C5-CA666BDFE5C1}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{300CEBD4-9E15-4416-BC1D-4EC197964C6D}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"UDP Query User{357F8BF3-4F27-4CD9-ACF7-514D59D7B058}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{528A3A28-5772-452B-9660-4FC2700F0E1C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{73A88C11-E08C-44CA-9A7B-3C7BB60E1751}C:\users\alex\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\alex\desktop\utorrent.exe |
"UDP Query User{90B02371-218D-4162-887D-08DED3AF7CE0}C:\program files\surfoffline 2\so.exe" = protocol=17 | dir=in | app=c:\program files\surfoffline 2\so.exe |
"UDP Query User{A8B98736-E257-4384-A671-98A0BB6BD10D}C:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe |
"UDP Query User{AC30836C-8602-4886-BEA1-8D6BCA3F9B3E}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{AE55290B-7DB0-4B57-9860-CD4F6212650F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B79C510D-EEA7-4BC8-A83E-5F98FC70296B}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{B8DC1893-8090-4505-9ACE-BC306624C4C6}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{CF70EC76-5511-4A05-B1E8-7512C1DB26EF}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{D61DC1C3-5A89-4A25-B516-B2E15F03AE79}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{E48796F9-B6F8-4A77-A4FA-CB7FA74EBA72}C:\program files\nextup-acapela\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\nextup-acapela\bin\acatel_srv.exe |
"UDP Query User{F160B9C5-2232-42C2-BCF2-E2ACC4A195FB}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{F204AC54-C863-42CD-AAD9-EBB595EC0075}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F441128E-475B-4F2C-A7FB-7F19F2197133}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F5FFB246-8AFC-4B90-8EB9-8BBD3E9F01D0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F8899988-8F1E-495C-87BC-673C71CFFD8E}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{FA3BB6E7-3A38-4307-B5B4-C8A94A2A6A86}C:\program files\adobe\adobe premiere pro cs4\pproheadless.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe |
"UDP Query User{FB171E7E-46D0-4D48-9CCB-0BE455293748}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe |
"UDP Query User{FD52A11E-63D4-49B6-B4DC-A4E5359AFDB9}C:\program files\adobe\adobe encore cs4\adobe encore.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe encore cs4\adobe encore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D87A9A8-62B0-486D-BA10-69A1F8963F43}" = NextUp-Acapela Elan Lucy22 UK English Voice
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.12
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70E3A868-C269-4E6D-B225-862AADF7D0AF}" = Adobe Creative Suite 4 Production Premium
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.5
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8E1AB809-F821-4F41-8431-44A11ED1EDBA}" = TVT7Diag
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9B20A26E-5233-474D-B83A-027D71D0DC32}" = NextUp-Acapela Elan Graham22 UK English Voice
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A595C6BC-D961-4BAD-ACB3-BE599870D1A1}" = NextUp-Acapela Elan Laura22 US English Voice
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CA842D69-22DB-456E-95C7-A5C92593C7C4}" = Adobe Setup
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD616D0D-48E4-4B6E-AACA-76ABA3147057}" = Soluto
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0928B04-FD1F-4FF1-8834-75A21C2B836C}" = OneNote Search and Replace
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCF4C336-18DB-449B-9238-821B7F28B614}_is1" = Uninstall A Ruler for Windows
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E13249D4-C0D1-42E8-AF82-A117AA008A75}_is1" = XML:Wrench
"{E140C2EC-9D11-4EA6-AED0-79762A642AF6}" = Eudora
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_36ac9dc8c9a94feb9e5886810012e78" = Adobe Creative Suite 4 Production Premium
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AnyDVD" = AnyDVD
"Artisteer 2" = Artisteer 2
"ASIO4ALL v2" = ASIO4ALL v2
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"BookSmart® 2.9.5 2.9.5" = BookSmart® 2.9.5 2.9.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CleanUp!" = CleanUp!
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"Duplicate File Finder_is1" = Duplicate File Finder 1.1.0.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.2
"EA5B0AA7-D6AE-0996-E42A-F9BBBE08F74F" = calibre
"EditPad Lite" = Just Great Software EditPad Lite 6.6.0
"EditPad Pro 6" = Just Great Software EditPad Pro 6 DEMO 6.7.0
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"IsoBuster_is1" = IsoBuster 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"LookInMyPC" = LookInMyPC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mp3tag" = Mp3tag v2.47b
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"QuickPar" = QuickPar 0.9
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SABnzbd" = SABnzbd 0.6.2
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"SUPER ©" = SUPER © Version 2010.bld.41 (Oct 31, 2010)
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TextAloud MP3_is1" = TextAloud
"ULTIMATER" = Microsoft Office Ultimate 2007
"Verbose" = Verbose Uninstall
"VLC media player" = VLC media player 1.0.0
"VobSub" = VobSub v2.23 (Remove Only)
"VueScan" = VueScan
"Winamp" = Winamp
"Winamp Backup Tool" = Winamp Backup Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.42
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.2" = ClosetMaid v1.5.2
"Move Media Player" = Move Media Player
"Sansa Updater" = Sansa Updater
"Spotify" = Spotify
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2011 1:49:44 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/4/2011 1:49:45 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/4/2011 1:49:45 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/4/2011 5:36:42 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 9:32:20 AM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 12:08:59 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 12:09:03 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 12:09:08 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 12:09:11 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/9/2011 10:07:24 AM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 4/15/2010 3:31:47 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/15/2010 5:38:07 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/19/2010 7:22:56 PM | Computer Name = desktop | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 4/19/2010 7:22:56 PM | Computer Name = desktop | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 5/4/2010 3:39:30 AM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/29/2010 7:39:10 AM | Computer Name = desktop | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 5/29/2010 7:39:14 AM | Computer Name = desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2010 7:21:12 AM | Computer Name = desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2010 7:21:15 AM | Computer Name = desktop | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 2/1/2011 3:22:45 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 1/4/2011 9:20:22 PM | Computer Name = desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/18/2012 8:21:57 PM | Computer Name = desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2700
seconds with 1680 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


< End of report >
  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 F3 3D 06 4D B7 22 47 B1 57 05 BF 86 76 7B D5 [binary data]
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\alex\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
[2012/04/01 13:22:26 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/11 11:12:24 | 000,000,000 | -H-D | M] (Search Toolbar) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O32 - AutoRun File - [2009/02/12 10:36:24 | 000,000,000 | -H-D | M] - L:\autorun -- [ FAT32 ]
[2012/04/25 19:17:52 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-99pTpasZWTBhuXr
[2012/04/25 19:17:52 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-99pTpasZWTBhuX
[2012/04/25 19:17:46 | 000,000,256 | -H-- | M] () -- C:\ProgramData\99pTpasZWTBhuX
[2012/04/25 19:15:07 | 000,055,084 | -H-- | M] () -- C:\Windows\System32\BMXStateBkp-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/25 19:15:07 | 000,055,084 | -H-- | M] () -- C:\Windows\System32\BMXState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/25 19:15:07 | 000,000,788 | -H-- | M] () -- C:\Windows\System32\DVCState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/25 19:12:55 | 000,000,633 | -H-- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/04/25 19:12:29 | 000,221,696 | -H-- | M] () -- C:\ProgramData\99pTpasZWTBhuX.exe
[2012/04/25 17:54:16 | 000,328,496 | -H-- | M] () -- C:\Users\alex\Desktop\vista-32-sm-reset.exe
[2012/04/25 17:38:38 | 000,000,609 | -H-- | M] () -- C:\Users\alex\Desktop\Data_Recovery.lnk
[2012/04/25 17:30:44 | 000,300,544 | -H-- | M] () -- C:\ProgramData\LHWmcRqHquM.exe
[2012/04/25 19:23:45 | 000,000,832 | -H-- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.exe - Shortcut.lnk

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwareby...lwarebytes_free

SAVE the free version of Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

Copy the text in the code box:


netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0
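The file lines in the :OTL section of the fix above use OTL's `[timestamp | size | attributes | M] (company) -- path` layout. The Python below is an added example (not part of RKinner's post and not OTL's own code): it parses such lines and applies an assumed triage heuristic, flagging hidden files with no company name that sit directly in C:\ProgramData and have either no extension or `.exe`. The function names, the heuristic and the two lines marked constructed are assumptions; the other sample lines are copied from the fix script.

```python
import re
from ntpath import basename, dirname, splitext

# One OTL file-scan line: [date time | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Lines taken from the fix script in this thread, plus two constructed
# lines (marked) that the heuristic must NOT flag.
SAMPLE = r"""
[2012/04/25 19:17:52 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-99pTpasZWTBhuXr
[2012/04/25 19:17:52 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-99pTpasZWTBhuX
[2012/04/25 19:17:46 | 000,000,256 | -H-- | M] () -- C:\ProgramData\99pTpasZWTBhuX
[2012/04/25 19:15:07 | 000,000,788 | -H-- | M] () -- C:\Windows\System32\DVCState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/25 19:12:29 | 000,221,696 | -H-- | M] () -- C:\ProgramData\99pTpasZWTBhuX.exe
[2012/04/25 17:54:16 | 000,328,496 | -H-- | M] () -- C:\Users\alex\Desktop\vista-32-sm-reset.exe
[2012/04/25 17:38:38 | 000,000,609 | -H-- | M] () -- C:\Users\alex\Desktop\Data_Recovery.lnk
[2012/04/25 17:30:44 | 000,300,544 | -H-- | M] () -- C:\ProgramData\LHWmcRqHquM.exe
[2012/04/25 19:06:00 | 000,000,000 | -H-D | M] () -- C:\ProgramData\ExampleVendorCache
[2012/04/04 19:56:00 | 000,022,344 | ---- | M] (Example Vendor Inc.) -- C:\ProgramData\example-updater.exe
"""
# The last two SAMPLE lines are constructed for this example.


def parse_line(line):
    """Return a dict for one OTL file line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def is_suspect(rec):
    """Assumed heuristic: hidden, unattributed file in the ProgramData root."""
    ext = splitext(basename(rec["path"]))[1].lower()
    return (
        "H" in rec["attrs"]                 # hidden attribute set
        and "D" not in rec["attrs"]         # a file, not a directory
        and rec["company"] == ""            # no company name in the file
        and dirname(rec["path"]).lower() == r"c:\programdata"
        and ext in ("", ".exe")             # executable or extensionless data
    )


def find_suspects(text):
    """Parse every line of an OTL listing and keep the flagged records."""
    records = (parse_line(line) for line in text.splitlines())
    return [r for r in records if r and is_suspect(r)]


def group_by_executable(suspects):
    """Map each flagged .exe stem to flagged companion files sharing that stem."""
    names = [basename(r["path"]) for r in suspects]
    groups = {}
    for name in names:
        stem, ext = splitext(name)
        if ext.lower() != ".exe":
            continue
        groups[stem] = sorted(n for n in names if n != name and stem in n)
    return groups


if __name__ == "__main__":
    hits = find_suspects(SAMPLE)
    for rec in hits:
        print(f'{rec["ts"]}  {rec["size"]:>8}  {rec["path"]}')
    for stem, companions in group_by_executable(hits).items():
        print(f"{stem}.exe companions: {companions}")
```

The grouping step shows which extensionless data files belong to which executable, so an analyst can confirm that both were quarantined together.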

#5
Alexandra D. Porsi


    Member

  • Topic Starter
  • Member
  • 34 posts
========== PROCESSES ==========
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1\ deleted successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]\components folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Program Files\BAE\BAE.dll moved successfully.
File not found.
C:\ProgramData\-99pTpasZWTBhuXr moved successfully.
C:\ProgramData\-99pTpasZWTBhuX moved successfully.
C:\ProgramData\99pTpasZWTBhuX moved successfully.
C:\Windows\System32\BMXStateBkp-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx moved successfully.
C:\Windows\System32\BMXState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx moved successfully.
C:\Windows\System32\DVCState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx moved successfully.
C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
C:\ProgramData\99pTpasZWTBhuX.exe moved successfully.
C:\Users\alex\Desktop\vista-32-sm-reset.exe moved successfully.
C:\Users\alex\Desktop\Data_Recovery.lnk moved successfully.
C:\ProgramData\LHWmcRqHquM.exe moved successfully.
C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.exe - Shortcut.lnk moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\alex\Desktop\cmd.bat deleted successfully.
C:\Users\alex\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\Users\alex\AppData\Local\Temp\smtmp\2\Data_Recovery.lnk
1 File(s) copied
C:\Users\alex\Desktop\cmd.bat deleted successfully.
C:\Users\alex\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\alex\Desktop\cmd.bat deleted successfully.
C:\Users\alex\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\alex\Desktop\cmd.bat deleted successfully.
C:\Users\alex\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: alex
->Flash cache emptied: 168271 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Premiere Alex

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: alex
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Premiere Alex

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.42.1 log created on 04262012_194746

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#6
Alexandra D. Porsi


    Member

  • Topic Starter
  • Member
  • 34 posts
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.27.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
alex :: DESKTOP [administrator]

4/27/2012 9:46:51 AM
mbam-log-2012-04-27 (09-46-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237770
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#7
Alexandra D. Porsi


    Member

  • Topic Starter
  • Member
  • 34 posts
ComboFix 12-04-27.01 - alex 04/27/2012 10:09:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1573 [GMT -4:00]
Running from: c:\users\alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\alex\AppData\Local\assembly\tmp
c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\weave\toFetch
c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\weave\toFetch\clients.json
c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\weave\toFetch\tabs.json
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 14:19 . 2012-04-27 14:20 -------- d-----w- c:\users\alex\AppData\Local\temp
2012-04-27 14:19 . 2012-04-27 14:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-27 14:19 . 2012-04-27 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 14:19 . 2012-04-27 14:19 -------- d-----w- c:\users\Premiere Alex\AppData\Local\temp
2012-04-27 13:45 . 2012-04-27 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-27 13:45 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 01:23 . 2012-04-27 01:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B88F42D-8AF7-4656-BD95-D4DBD7977579}\MpKslc79087bc.sys
2012-04-27 01:21 . 2012-04-27 01:21 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B88F42D-8AF7-4656-BD95-D4DBD7977579}\offreg.dll
2012-04-26 23:47 . 2012-04-26 23:47 -------- d-----w- C:\_OTL
2012-04-26 19:44 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B88F42D-8AF7-4656-BD95-D4DBD7977579}\mpengine.dll
2012-04-26 14:50 . 2012-04-26 14:50 -------- d-----w- c:\program files\Soluto
2012-04-25 23:06 . 2012-04-25 23:08 -------- d-----w- c:\programdata\HitmanPro
2012-04-25 21:33 . 2012-04-25 21:33 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 21:33 . 2012-04-25 21:33 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 21:33 . 2012-04-25 21:33 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-02 22:11 . 2012-04-13 21:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 21:13 . 2011-05-20 01:35 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-13 21:18 . 2011-05-21 19:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2010-04-18 05:41 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 14:33 . 2012-02-10 14:35 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3737006-EAA8-4E33-8A99-FEE52F222597}\gapaengine.dll
2012-01-31 12:44 . 2010-03-26 20:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-25 21:33 . 2011-03-23 22:47 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-13 68856]
"SansaDispatch"="c:\users\alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-09 79872]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-08-31 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^systemcleaner.lnk]
path=c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemcleaner.lnk
backup=c:\windows\pss\systemcleaner.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-11 23:54 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-11-28 20:56 19456 ----a-w- c:\windows\System32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-04 04:55 25600 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTXFIREG]
2009-06-04 04:50 47104 ----a-w- c:\windows\System32\CTxfiReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-11-17 21:19 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 19:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 15:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 13:07 8497696 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-13 21:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Shuffle]
2008-04-17 05:28 818176 ----a-w- c:\program files\Taskbar Shuffle\taskbarshuffle.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-10 00:27 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-09-28 20:46 155648 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 12:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2442573536-1488855162-1681777626-1000]
"EnableNotificationsRef"=dword:00000002
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLC79087BC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:18]
.
2012-04-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-13 00:59]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-18 17:36]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-18 17:36]
.
2012-04-27 c:\windows\Tasks\User_Feed_Synchronization-{7A482A68-0330-4A8D-9FD3-200B36A2F2C2}.job
- c:\windows\system32\msfeedssync.exe [2011-08-09 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.tumblr.com/dashboard
FF - prefs.js: keyword.URL - hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-27 10:20
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\users\alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe???????????RegSetStringWKeyWithValue???????????$???0???`??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
"Progid"="ACDSee Pro 2.5.pcd"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2442573536-1488855162-1681777626-1000)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"
.
[HKEY_USERS\S-1-5-21-2442573536-1488855162-1681777626-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"
.
Completion time: 2012-04-27 10:27:45
ComboFix-quarantined-files.txt 2012-04-27 14:27
.
Pre-Run: 38,269,657,088 bytes free
Post-Run: 38,279,405,568 bytes free
.
- - End Of File - - 5F47D5DE2B933DB55C34B95033E4A4EC

#8
Alexandra D. Porsi

10:55:51.0536 2604 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
10:55:51.0861 2604 ============================================================
10:55:51.0861 2604 Current date / time: 2012/04/27 10:55:51.0861
10:55:51.0861 2604 SystemInfo:
10:55:51.0861 2604
10:55:51.0861 2604 OS Version: 6.0.6001 ServicePack: 1.0
10:55:51.0861 2604 Product type: Workstation
10:55:51.0861 2604 ComputerName: DESKTOP
10:55:51.0861 2604 UserName: alex
10:55:51.0861 2604 Windows directory: C:\Windows
10:55:51.0861 2604 System windows directory: C:\Windows
10:55:51.0861 2604 Processor architecture: Intel x86
10:55:51.0861 2604 Number of processors: 2
10:55:51.0861 2604 Page size: 0x1000
10:55:51.0861 2604 Boot type: Normal boot
10:55:51.0861 2604 ============================================================
10:55:52.0305 2604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:55:52.0314 2604 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:55:52.0318 2604 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:55:58.0885 2604 ============================================================
10:55:58.0885 2604 \Device\Harddisk0\DR0:
10:55:58.0893 2604 MBR partitions:
10:55:58.0893 2604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
10:55:58.0893 2604 \Device\Harddisk1\DR1:
10:55:58.0911 2604 MBR partitions:
10:55:58.0911 2604 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
10:55:58.0911 2604 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x24012800
10:55:58.0911 2604 \Device\Harddisk2\DR2:
10:55:58.0912 2604 MBR partitions:
10:55:58.0912 2604 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
10:55:58.0912 2604 ============================================================
10:55:58.0961 2604 C: <-> \Device\Harddisk1\DR1\Partition1
10:55:58.0993 2604 D: <-> \Device\Harddisk0\DR0\Partition0
10:55:59.0019 2604 E: <-> \Device\Harddisk1\DR1\Partition0
10:55:59.0020 2604 L: <-> \Device\Harddisk2\DR2\Partition0
10:55:59.0020 2604 ============================================================
10:55:59.0020 2604 Initialize success
10:55:59.0020 2604 ============================================================
10:56:17.0627 2476 ============================================================
10:56:17.0627 2476 Scan started
10:56:17.0627 2476 Mode: Manual;
10:56:17.0627 2476 ============================================================
10:56:18.0069 2476 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
10:56:18.0081 2476 ACPI - ok
10:56:18.0137 2476 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
10:56:18.0138 2476 adfs - ok
10:56:18.0478 2476 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:56:18.0479 2476 Adobe LM Service - ok
10:56:18.0637 2476 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
10:56:18.0646 2476 Adobe Version Cue CS4 - ok
10:56:18.0745 2476 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:56:18.0746 2476 AdobeARMservice - ok
10:56:18.0867 2476 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:56:18.0871 2476 AdobeFlashPlayerUpdateSvc - ok
10:56:18.0941 2476 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:56:18.0957 2476 adp94xx - ok
10:56:18.0984 2476 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:56:18.0986 2476 adpahci - ok
10:56:19.0012 2476 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:56:19.0017 2476 adpu160m - ok
10:56:19.0035 2476 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:56:19.0039 2476 adpu320 - ok
10:56:19.0205 2476 ADVService (7233688fc422ef657e082309e6180142) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
10:56:19.0205 2476 ADVService - ok
10:56:19.0230 2476 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:56:19.0231 2476 AeLookupSvc - ok
10:56:19.0292 2476 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
10:56:19.0308 2476 AFD - ok
10:56:19.0429 2476 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
10:56:19.0430 2476 agp440 - ok
10:56:19.0467 2476 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:56:19.0469 2476 aic78xx - ok
10:56:19.0506 2476 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:56:19.0507 2476 ALG - ok
10:56:19.0523 2476 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
10:56:19.0524 2476 aliide - ok
10:56:19.0545 2476 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
10:56:19.0547 2476 amdagp - ok
10:56:19.0575 2476 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
10:56:19.0575 2476 amdide - ok
10:56:19.0592 2476 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:56:19.0593 2476 AmdK7 - ok
10:56:19.0603 2476 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:56:19.0605 2476 AmdK8 - ok
10:56:19.0661 2476 AnyDVD (7684252281cfb197ac4c38b33ac5b2a6) C:\Windows\system32\Drivers\AnyDVD.sys
10:56:19.0665 2476 AnyDVD - ok
10:56:19.0706 2476 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:56:19.0707 2476 Appinfo - ok
10:56:19.0740 2476 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:56:19.0741 2476 arc - ok
10:56:19.0774 2476 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:56:19.0775 2476 arcsas - ok
10:56:19.0862 2476 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\Windows\system32\drivers\ASPI32.sys
10:56:19.0866 2476 ASPI32 - ok
10:56:19.0928 2476 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:56:19.0928 2476 AsyncMac - ok
10:56:19.0986 2476 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
10:56:19.0986 2476 atapi - ok
10:56:20.0106 2476 ATIAVPCI (c445d1e73e891833a065bb8fac445f7e) C:\Windows\system32\DRIVERS\atinavrr.sys
10:56:20.0118 2476 ATIAVPCI - ok
10:56:20.0250 2476 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
10:56:20.0263 2476 AudioEndpointBuilder - ok
10:56:20.0269 2476 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
10:56:20.0272 2476 Audiosrv - ok
10:56:20.0341 2476 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:56:20.0343 2476 b57nd60x - ok
10:56:20.0379 2476 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:56:20.0380 2476 Beep - ok
10:56:20.0422 2476 BFE (d3e6d78285529962349a7f1617035938) C:\Windows\System32\bfe.dll
10:56:20.0438 2476 BFE - ok
10:56:20.0515 2476 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
10:56:20.0539 2476 BITS - ok
10:56:20.0542 2476 blbdrive - ok
10:56:20.0617 2476 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
10:56:20.0618 2476 Bonjour Service - ok
10:56:20.0650 2476 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
10:56:20.0651 2476 bowser - ok
10:56:20.0683 2476 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:56:20.0684 2476 BrFiltLo - ok
10:56:20.0707 2476 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:56:20.0707 2476 BrFiltUp - ok
10:56:20.0885 2476 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:56:20.0895 2476 Browser - ok
10:56:21.0008 2476 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:56:21.0009 2476 Brserid - ok
10:56:21.0047 2476 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:56:21.0048 2476 BrSerWdm - ok
10:56:21.0089 2476 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:56:21.0090 2476 BrUsbMdm - ok
10:56:21.0104 2476 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:56:21.0104 2476 BrUsbSer - ok
10:56:21.0134 2476 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:56:21.0135 2476 BTHMODEM - ok
10:56:21.0322 2476 catchme - ok
10:56:21.0346 2476 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:56:21.0358 2476 cdfs - ok
10:56:21.0388 2476 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
10:56:21.0390 2476 cdrom - ok
10:56:21.0438 2476 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
10:56:21.0440 2476 CertPropSvc - ok
10:56:21.0473 2476 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:56:21.0474 2476 circlass - ok
10:56:21.0513 2476 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
10:56:21.0524 2476 CLFS - ok
10:56:21.0757 2476 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:56:21.0785 2476 clr_optimization_v2.0.50727_32 - ok
10:56:21.0801 2476 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
10:56:21.0802 2476 cmdide - ok
10:56:21.0848 2476 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:56:21.0849 2476 Compbatt - ok
10:56:21.0853 2476 COMSysApp - ok
10:56:21.0898 2476 cpuz135 - ok
10:56:21.0939 2476 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:56:21.0941 2476 crcdisk - ok
10:56:22.0561 2476 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
10:56:22.0562 2476 Creative Audio Engine Licensing Service - ok
10:56:22.0591 2476 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\system32\CTsvcCDA.exe
10:56:22.0592 2476 Creative Service for CDROM Access - ok
10:56:22.0611 2476 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:56:22.0613 2476 Crusoe - ok
10:56:22.0934 2476 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
10:56:22.0936 2476 CryptSvc - ok
10:56:22.0999 2476 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\Windows\system32\drivers\CT20XUT.SYS
10:56:23.0000 2476 CT20XUT - ok
10:56:23.0016 2476 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\Windows\System32\drivers\CT20XUT.SYS
10:56:23.0017 2476 CT20XUT.SYS - ok
10:56:23.0110 2476 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\Windows\system32\drivers\ctac32k.sys
10:56:23.0113 2476 ctac32k - ok
10:56:23.0309 2476 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\Windows\system32\drivers\ctaud2k.sys
10:56:23.0313 2476 ctaud2k - ok
10:56:23.0498 2476 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
10:56:23.0500 2476 CTAudSvcService - ok
10:56:23.0675 2476 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\Windows\system32\drivers\ctdvda2k.sys
10:56:23.0677 2476 ctdvda2k - ok
10:56:23.0803 2476 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\system32\drivers\CTEXFIFX.SYS
10:56:23.0814 2476 CTEXFIFX - ok
10:56:23.0996 2476 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\System32\drivers\CTEXFIFX.SYS
10:56:24.0005 2476 CTEXFIFX.SYS - ok
10:56:24.0071 2476 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\system32\drivers\CTHWIUT.SYS
10:56:24.0071 2476 CTHWIUT - ok
10:56:24.0077 2476 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\System32\drivers\CTHWIUT.SYS
10:56:24.0078 2476 CTHWIUT.SYS - ok
10:56:24.0141 2476 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\Windows\system32\drivers\ctprxy2k.sys
10:56:24.0142 2476 ctprxy2k - ok
10:56:24.0159 2476 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\Windows\system32\drivers\ctsfm2k.sys
10:56:24.0160 2476 ctsfm2k - ok
10:56:24.0306 2476 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
10:56:24.0335 2476 DcomLaunch - ok
10:56:24.0365 2476 ddduqcku - ok
10:56:24.0427 2476 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
10:56:24.0429 2476 DfsC - ok
10:56:24.0488 2476 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
10:56:24.0499 2476 Dhcp - ok
10:56:24.0528 2476 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
10:56:24.0529 2476 disk - ok
10:56:24.0564 2476 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
10:56:24.0570 2476 Dnscache - ok
10:56:24.0606 2476 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
10:56:24.0618 2476 dot3svc - ok
10:56:24.0676 2476 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:56:24.0681 2476 Dot4 - ok
10:56:24.0695 2476 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:56:24.0696 2476 Dot4Print - ok
10:56:24.0713 2476 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:56:24.0714 2476 dot4usb - ok
10:56:24.0760 2476 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:56:24.0773 2476 DPS - ok
10:56:24.0829 2476 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:56:24.0830 2476 drmkaud - ok
10:56:24.0887 2476 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
10:56:24.0905 2476 DXGKrnl - ok
10:56:24.0961 2476 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
10:56:24.0962 2476 e1express - ok
10:56:24.0982 2476 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:56:24.0987 2476 E1G60 - ok
10:56:25.0020 2476 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:56:25.0022 2476 EapHost - ok
10:56:25.0081 2476 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
10:56:25.0085 2476 Ecache - ok
10:56:25.0223 2476 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:56:25.0235 2476 ehRecvr - ok
10:56:25.0274 2476 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:56:25.0279 2476 ehSched - ok
10:56:25.0333 2476 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:56:25.0348 2476 ehstart - ok
10:56:25.0463 2476 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
10:56:25.0463 2476 ElbyCDIO - ok
10:56:25.0589 2476 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:56:25.0591 2476 elxstor - ok
10:56:25.0678 2476 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
10:56:25.0696 2476 EMDMgmt - ok
10:56:25.0764 2476 emupia (04afe5c11777e33178ec11e1fac47b07) C:\Windows\system32\drivers\emupia2k.sys
10:56:25.0765 2476 emupia - ok
10:56:25.0806 2476 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
10:56:25.0815 2476 EventSystem - ok
10:56:25.0855 2476 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
10:56:25.0858 2476 exfat - ok
10:56:25.0893 2476 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
10:56:25.0898 2476 fastfat - ok
10:56:25.0924 2476 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:56:25.0925 2476 fdc - ok
10:56:25.0953 2476 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:56:25.0955 2476 fdPHost - ok
10:56:25.0979 2476 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:56:25.0981 2476 FDResPub - ok
10:56:26.0032 2476 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:56:26.0034 2476 FileInfo - ok
10:56:26.0059 2476 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:56:26.0060 2476 Filetrace - ok
10:56:26.0176 2476 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:56:26.0224 2476 FLEXnet Licensing Service - ok
10:56:26.0257 2476 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:56:26.0258 2476 flpydisk - ok
10:56:26.0315 2476 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
10:56:26.0323 2476 FltMgr - ok
10:56:26.0414 2476 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:56:26.0415 2476 FontCache3.0.0.0 - ok
10:56:26.0443 2476 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:56:26.0444 2476 Fs_Rec - ok
10:56:26.0484 2476 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:56:26.0485 2476 gagp30kx - ok
10:56:26.0520 2476 GMSIPCI - ok
10:56:26.0583 2476 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
10:56:26.0999 2476 gpsvc - ok
10:56:27.0593 2476 gupdate1c931484e656eb (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
10:56:27.0598 2476 gupdate1c931484e656eb - ok
10:56:27.0616 2476 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
10:56:27.0617 2476 gupdatem - ok
10:56:27.0671 2476 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:56:27.0683 2476 gusvc - ok
10:56:27.0784 2476 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\Windows\system32\drivers\ha20x2k.sys
10:56:27.0792 2476 ha20x2k - ok
10:56:28.0019 2476 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
10:56:28.0019 2476 hamachi - ok
10:56:28.0161 2476 Hamachi2Svc (1e8a0705f9925fad9b2d4f6fc05e1982) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
10:56:28.0194 2476 Hamachi2Svc - ok
10:56:28.0307 2476 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:56:28.0318 2476 HdAudAddService - ok
10:56:28.0366 2476 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:56:28.0367 2476 HDAudBus - ok
10:56:28.0465 2476 HidBatt (f81597498b73caba59e2f0a26ba375ae) C:\Windows\system32\DRIVERS\HidBatt.sys
10:56:28.0545 2476 HidBatt - ok
10:56:28.0586 2476 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:56:28.0587 2476 HidBth - ok
10:56:28.0601 2476 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:56:28.0602 2476 HidIr - ok
10:56:28.0623 2476 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
10:56:28.0625 2476 hidserv - ok
10:56:28.0667 2476 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
10:56:28.0668 2476 HidUsb - ok
10:56:28.0696 2476 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:56:28.0698 2476 hkmsvc - ok
10:56:28.0739 2476 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:56:28.0739 2476 HpCISSs - ok
10:56:29.0254 2476 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:56:29.0261 2476 hpqcxs08 - ok
10:56:29.0315 2476 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:56:29.0319 2476 hpqddsvc - ok
10:56:29.0535 2476 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
10:56:29.0550 2476 HTTP - ok
10:56:29.0574 2476 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:56:29.0575 2476 i2omp - ok
10:56:29.0618 2476 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:56:29.0620 2476 i8042prt - ok
10:56:29.0647 2476 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:56:29.0648 2476 iaStorV - ok
10:56:29.0724 2476 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:56:29.0726 2476 IDriverT - ok
10:56:29.0847 2476 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:56:29.0875 2476 idsvc - ok
10:56:30.0237 2476 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:56:30.0239 2476 iirsp - ok
10:56:30.0317 2476 IKEEXT (68e8c415e102e5d79fd7e4a765b8cba4) C:\Windows\System32\ikeext.dll
10:56:30.0342 2476 IKEEXT - ok
10:56:30.0368 2476 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
10:56:30.0368 2476 intelide - ok
10:56:30.0466 2476 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:56:30.0467 2476 intelppm - ok
10:56:30.0607 2476 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:56:30.0614 2476 IPBusEnum - ok
10:56:30.0643 2476 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:56:30.0645 2476 IpFilterDriver - ok
10:56:30.0698 2476 iphlpsvc (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
10:56:30.0711 2476 iphlpsvc - ok
10:56:30.0715 2476 IpInIp - ok
10:56:30.0739 2476 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:56:30.0740 2476 IPMIDRV - ok
10:56:30.0766 2476 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:56:30.0772 2476 IPNAT - ok
10:56:30.0797 2476 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:56:30.0798 2476 IRENUM - ok
10:56:30.0833 2476 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
10:56:30.0834 2476 isapnp - ok
10:56:30.0883 2476 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
10:56:30.0894 2476 iScsiPrt - ok
10:56:30.0911 2476 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:56:30.0912 2476 iteatapi - ok
10:56:30.0927 2476 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:56:30.0927 2476 iteraid - ok
10:56:30.0984 2476 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:56:30.0985 2476 kbdclass - ok
10:56:30.0998 2476 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
10:56:30.0999 2476 kbdhid - ok
10:56:31.0034 2476 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:56:31.0035 2476 KeyIso - ok
10:56:31.0066 2476 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
10:56:31.0080 2476 KSecDD - ok
10:56:31.0141 2476 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:56:31.0158 2476 KtmRm - ok
10:56:31.0380 2476 LanmanServer (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\System32\srvsvc.dll
10:56:31.0386 2476 LanmanServer - ok
10:56:31.0468 2476 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
10:56:31.0480 2476 LanmanWorkstation - ok
10:56:31.0494 2476 Lbd - ok
10:56:31.0519 2476 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:56:31.0520 2476 lltdio - ok
10:56:31.0546 2476 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:56:31.0556 2476 lltdsvc - ok
10:56:31.0580 2476 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:56:31.0582 2476 lmhosts - ok
10:56:31.0613 2476 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:56:31.0614 2476 LSI_FC - ok
10:56:31.0634 2476 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:56:31.0634 2476 LSI_SAS - ok
10:56:31.0655 2476 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:56:31.0657 2476 LSI_SCSI - ok
10:56:31.0707 2476 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:56:31.0714 2476 luafv - ok
10:56:31.0752 2476 MarvinBus (d51e16339213898bc20c58670274ec3e) C:\Windows\system32\DRIVERS\MarvinBus.sys
10:56:31.0753 2476 MarvinBus - ok
10:56:31.0772 2476 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:56:31.0774 2476 Mcx2Svc - ok
10:56:31.0804 2476 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:56:31.0805 2476 megasas - ok
10:56:31.0905 2476 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:56:31.0907 2476 Microsoft Office Groove Audit Service - ok
10:56:31.0920 2476 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:56:31.0922 2476 MMCSS - ok
10:56:31.0945 2476 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:56:31.0946 2476 Modem - ok
10:56:31.0975 2476 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:56:31.0976 2476 monitor - ok
10:56:32.0004 2476 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:56:32.0005 2476 mouclass - ok
10:56:32.0020 2476 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:56:32.0021 2476 mouhid - ok
10:56:32.0048 2476 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:56:32.0049 2476 MountMgr - ok
10:56:32.0109 2476 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:56:32.0114 2476 MozillaMaintenance - ok
10:56:32.0184 2476 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
10:56:32.0197 2476 MpFilter - ok
10:56:32.0258 2476 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:56:32.0259 2476 mpio - ok
10:56:32.0643 2476 MpKslc79087bc (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B88F42D-8AF7-4656-BD95-D4DBD7977579}\MpKslc79087bc.sys
10:56:32.0643 2476 MpKslc79087bc - ok
10:56:32.0781 2476 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
10:56:32.0782 2476 MpNWMon - ok
10:56:32.0803 2476 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:56:32.0804 2476 mpsdrv - ok
10:56:32.0852 2476 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
10:56:32.0891 2476 MpsSvc - ok
10:56:32.0920 2476 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:56:32.0921 2476 Mraid35x - ok
10:56:32.0950 2476 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
10:56:32.0956 2476 MRxDAV - ok
10:56:32.0987 2476 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:56:32.0992 2476 mrxsmb - ok
10:56:33.0033 2476 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:56:33.0044 2476 mrxsmb10 - ok
10:56:33.0056 2476 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:56:33.0058 2476 mrxsmb20 - ok
10:56:33.0078 2476 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
10:56:33.0079 2476 msahci - ok
10:56:33.0096 2476 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:56:33.0097 2476 msdsm - ok
10:56:33.0129 2476 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:56:33.0134 2476 MSDTC - ok
10:56:33.0163 2476 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:56:33.0164 2476 Msfs - ok
10:56:33.0198 2476 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:56:33.0198 2476 msisadrv - ok
10:56:33.0306 2476 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:56:33.0312 2476 MSiSCSI - ok
10:56:33.0316 2476 msiserver - ok
10:56:33.0352 2476 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:56:33.0353 2476 MSKSSRV - ok
10:56:33.0444 2476 MsMpSvc (90dc23d940551db35367fb1e40575b25) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
10:56:33.0445 2476 MsMpSvc - ok
10:56:33.0471 2476 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:56:33.0472 2476 MSPCLOCK - ok
10:56:33.0498 2476 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:56:33.0498 2476 MSPQM - ok
10:56:33.0537 2476 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
10:56:33.0541 2476 MsRPC - ok
10:56:33.0683 2476 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:56:33.0684 2476 mssmbios - ok
10:56:33.0782 2476 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:56:33.0786 2476 MSTEE - ok
10:56:33.0814 2476 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
10:56:33.0815 2476 Mup - ok
10:56:33.0922 2476 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
10:56:33.0934 2476 napagent - ok
10:56:33.0981 2476 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
10:56:33.0994 2476 NativeWifiP - ok
10:56:34.0060 2476 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
10:56:34.0072 2476 NDIS - ok
10:56:34.0104 2476 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:56:34.0104 2476 NdisTapi - ok
10:56:34.0136 2476 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:56:34.0138 2476 Ndisuio - ok
10:56:34.0182 2476 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
10:56:34.0187 2476 NdisWan - ok
10:56:34.0212 2476 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:56:34.0213 2476 NDProxy - ok
10:56:34.0284 2476 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
10:56:34.0285 2476 Net Driver HPZ12 - ok
10:56:34.0299 2476 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:56:34.0300 2476 NetBIOS - ok
10:56:34.0364 2476 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
10:56:34.0377 2476 netbt - ok
10:56:34.0423 2476 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:56:34.0425 2476 Netlogon - ok
10:56:34.0444 2476 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:56:34.0454 2476 Netman - ok
10:56:34.0499 2476 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:56:34.0508 2476 netprofm - ok
10:56:34.0592 2476 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:56:34.0597 2476 NetTcpPortSharing - ok
10:56:34.0626 2476 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:56:34.0628 2476 nfrd960 - ok
10:56:34.0694 2476 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:56:34.0695 2476 NisDrv - ok
10:56:35.0372 2476 NisSrv (c73de53197ac0c4db60b80588f0d54df) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
10:56:35.0374 2476 NisSrv - ok
10:56:35.0418 2476 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:56:35.0431 2476 NlaSvc - ok
10:56:35.0466 2476 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
10:56:35.0467 2476 Npfs - ok
10:56:35.0501 2476 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:56:35.0503 2476 nsi - ok
10:56:35.0561 2476 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:56:35.0562 2476 nsiproxy - ok
10:56:35.0664 2476 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
10:56:35.0686 2476 Ntfs - ok
10:56:35.0739 2476 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:56:35.0740 2476 ntrigdigi - ok
10:56:35.0767 2476 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:56:35.0768 2476 Null - ok
10:56:35.0856 2476 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
10:56:35.0864 2476 NVENETFD - ok
10:56:36.0349 2476 nvlddmkm (671c58cc8dadfe2903207f299ce7a0e1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:56:36.0467 2476 nvlddmkm - ok
10:56:36.0609 2476 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
10:56:36.0610 2476 nvraid - ok
10:56:36.0635 2476 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:56:36.0636 2476 nvstor - ok
10:56:36.0677 2476 nvstor32 (63b7838e9c272baaa7b33a0ca4ebb748) C:\Windows\system32\DRIVERS\nvstor32.sys
10:56:36.0678 2476 nvstor32 - ok
10:56:36.0722 2476 nvsvc (55cc673f72608cc569d696408a31d2b7) C:\Windows\system32\nvvsvc.exe
10:56:36.0725 2476 nvsvc - ok
10:56:36.0773 2476 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
10:56:36.0773 2476 nv_agp - ok
10:56:36.0777 2476 NwlnkFlt - ok
10:56:36.0783 2476 NwlnkFwd - ok
10:56:36.0911 2476 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:56:36.0925 2476 odserv - ok
10:56:37.0007 2476 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
10:56:37.0009 2476 ohci1394 - ok
10:56:37.0088 2476 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:56:37.0100 2476 ose - ok
10:56:37.0153 2476 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\Windows\system32\drivers\ctoss2k.sys
10:56:37.0154 2476 ossrv - ok
10:56:37.0354 2476 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:56:37.0371 2476 p2pimsvc - ok
10:56:37.0379 2476 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:56:37.0385 2476 p2psvc - ok
10:56:37.0416 2476 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:56:37.0417 2476 Parport - ok
10:56:37.0445 2476 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
10:56:37.0447 2476 partmgr - ok
10:56:37.0458 2476 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:56:37.0459 2476 Parvdm - ok
10:56:37.0488 2476 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:56:37.0491 2476 PcaSvc - ok
10:56:37.0535 2476 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
10:56:37.0539 2476 pci - ok
10:56:37.0576 2476 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:56:37.0577 2476 pciide - ok
10:56:37.0617 2476 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\Windows\system32\drivers\pclepci.sys
10:56:37.0617 2476 PCLEPCI - ok
10:56:37.0639 2476 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:56:37.0653 2476 pcmcia - ok
10:56:37.0725 2476 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:56:37.0745 2476 PEAUTH - ok
10:56:37.0792 2476 pfc (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
10:56:37.0792 2476 pfc - ok
10:56:37.0851 2476 pgfilter - ok
10:56:37.0939 2476 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:56:37.0999 2476 pla - ok
10:56:38.0090 2476 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
10:56:38.0100 2476 PlugPlay - ok
10:56:38.0158 2476 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
10:56:38.0160 2476 Pml Driver HPZ12 - ok
10:56:38.0272 2476 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:56:38.0278 2476 PNRPAutoReg - ok
10:56:38.0286 2476 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:56:38.0293 2476 PNRPsvc - ok
10:56:38.0347 2476 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
10:56:38.0364 2476 PolicyAgent - ok
10:56:38.0411 2476 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:56:38.0413 2476 PptpMiniport - ok
10:56:38.0445 2476 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:56:38.0446 2476 Processor - ok
10:56:38.0482 2476 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
10:56:38.0494 2476 ProfSvc - ok
10:56:38.0522 2476 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:56:38.0523 2476 ProtectedStorage - ok
10:56:38.0598 2476 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
10:56:38.0599 2476 ProtexisLicensing - ok
10:56:38.0622 2476 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
10:56:38.0623 2476 PSched - ok
10:56:38.0663 2476 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
10:56:38.0664 2476 PxHelp20 - ok
10:56:38.0732 2476 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:56:38.0765 2476 ql2300 - ok
10:56:38.0822 2476 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:56:38.0826 2476 ql40xx - ok
10:56:38.0884 2476 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:56:38.0900 2476 QWAVE - ok
10:56:38.0952 2476 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:56:38.0953 2476 QWAVEdrv - ok
10:56:39.0073 2476 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
10:56:39.0100 2476 R300 - ok
10:56:39.0281 2476 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:56:39.0294 2476 RasAcd - ok
10:56:39.0469 2476 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:56:39.0473 2476 RasAuto - ok
10:56:39.0530 2476 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:56:39.0532 2476 Rasl2tp - ok
10:56:39.0569 2476 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
10:56:39.0578 2476 RasMan - ok
10:56:39.0605 2476 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
10:56:39.0606 2476 RasPppoe - ok
10:56:39.0637 2476 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
10:56:39.0638 2476 RasSstp - ok
10:56:39.0668 2476 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
10:56:39.0680 2476 rdbss - ok
10:56:39.0714 2476 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:56:39.0715 2476 RDPCDD - ok
10:56:39.0758 2476 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
10:56:39.0760 2476 rdpdr - ok
10:56:39.0799 2476 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:56:39.0800 2476 RDPENCDD - ok
10:56:39.0838 2476 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
10:56:39.0849 2476 RDPWD - ok
10:56:39.0895 2476 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:56:39.0897 2476 RemoteAccess - ok
10:56:39.0949 2476 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
10:56:39.0955 2476 RemoteRegistry - ok
10:56:40.0088 2476 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
10:56:40.0094 2476 RoxMediaDB9 - ok
10:56:40.0150 2476 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
10:56:40.0152 2476 RoxWatch9 - ok
10:56:40.0238 2476 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:56:40.0241 2476 RpcLocator - ok
10:56:40.0305 2476 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\System32\rpcss.dll
10:56:40.0310 2476 RpcSs - ok
10:56:40.0747 2476 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:56:40.0748 2476 rspndr - ok
10:56:40.0771 2476 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:56:40.0772 2476 SamSs - ok
10:56:40.0799 2476 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:56:40.0801 2476 sbp2port - ok
10:56:40.0855 2476 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
10:56:40.0860 2476 SCardSvr - ok
10:56:40.0927 2476 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
10:56:40.0928 2476 SCDEmu - ok
10:56:40.0987 2476 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
10:56:41.0006 2476 Schedule - ok
10:56:41.0062 2476 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
10:56:41.0063 2476 SCPolicySvc - ok
10:56:41.0093 2476 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:56:41.0098 2476 SDRSVC - ok
10:56:41.0112 2476 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:56:41.0113 2476 secdrv - ok
10:56:41.0141 2476 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:56:41.0144 2476 seclogon - ok
10:56:41.0189 2476 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
10:56:41.0191 2476 SENS - ok
10:56:41.0243 2476 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
10:56:41.0245 2476 Serenum - ok
10:56:41.0281 2476 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
10:56:41.0288 2476 Serial - ok
10:56:41.0316 2476 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:56:41.0347 2476 sermouse - ok
10:56:41.0405 2476 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:56:41.0411 2476 SessionEnv - ok
10:56:41.0435 2476 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:56:41.0436 2476 sffdisk - ok
10:56:41.0453 2476 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:56:41.0454 2476 sffp_mmc - ok
10:56:41.0464 2476 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:56:41.0465 2476 sffp_sd - ok
10:56:41.0474 2476 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:56:41.0475 2476 sfloppy - ok
10:56:41.0512 2476 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:56:41.0522 2476 SharedAccess - ok
10:56:41.0600 2476 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
10:56:41.0603 2476 ShellHWDetection - ok
10:56:41.0790 2476 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
10:56:41.0856 2476 sisagp - ok
10:56:42.0026 2476 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:56:42.0036 2476 SiSRaid2 - ok
10:56:42.0223 2476 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:56:42.0224 2476 SiSRaid4 - ok
10:56:42.0392 2476 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
10:56:42.0460 2476 slsvc - ok
10:56:42.0559 2476 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
10:56:42.0562 2476 SLUINotify - ok
10:56:42.0601 2476 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
10:56:42.0603 2476 Smb - ok
10:56:42.0658 2476 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:56:42.0661 2476 SNMPTRAP - ok
10:56:42.0697 2476 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\Windows\system32\DRIVERS\Soluto.sys
10:56:42.0698 2476 Soluto - ok
10:56:42.0854 2476 SolutoService (ed8397986be35c11bfb321636d6991ee) C:\Program Files\Soluto\SolutoService.exe
10:56:42.0858 2476 SolutoService - ok
10:56:42.0900 2476 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:56:42.0901 2476 spldr - ok
10:56:42.0935 2476 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
10:56:42.0947 2476 Spooler - ok
10:56:42.0991 2476 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
10:56:42.0999 2476 srv - ok
10:56:43.0028 2476 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
10:56:43.0034 2476 srv2 - ok
10:56:43.0066 2476 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
10:56:43.0072 2476 srvnet - ok
10:56:43.0090 2476 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:56:43.0102 2476 SSDPSRV - ok
10:56:43.0141 2476 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:56:43.0145 2476 SstpSvc - ok
10:56:43.0249 2476 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
10:56:43.0558 2476 stisvc - ok
10:56:43.0890 2476 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:56:43.0892 2476 stllssvr - ok
10:56:43.0940 2476 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:56:43.0942 2476 swenum - ok
10:56:44.0001 2476 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
10:56:44.0051 2476 swprv - ok
10:56:44.0141 2476 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:56:44.0142 2476 Symc8xx - ok
10:56:44.0161 2476 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:56:44.0162 2476 Sym_hi - ok
10:56:44.0191 2476 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:56:44.0193 2476 Sym_u3 - ok
10:56:44.0263 2476 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
10:56:44.0288 2476 SysMain - ok
10:56:44.0342 2476 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:56:44.0346 2476 TabletInputService - ok
10:56:44.0393 2476 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
10:56:44.0403 2476 TapiSrv - ok
10:56:44.0425 2476 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:56:44.0428 2476 TBS - ok
10:56:44.0488 2476 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
10:56:44.0508 2476 Tcpip - ok
10:56:44.0521 2476 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
10:56:44.0527 2476 Tcpip6 - ok
10:56:44.0545 2476 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
10:56:44.0546 2476 tcpipreg - ok
10:56:44.0570 2476 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:56:44.0571 2476 TDPIPE - ok
10:56:44.0590 2476 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:56:44.0591 2476 TDTCP - ok
10:56:44.0619 2476 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
10:56:44.0621 2476 tdx - ok
10:56:44.0672 2476 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
10:56:44.0674 2476 TermDD - ok
10:56:44.0744 2476 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
10:56:44.0765 2476 TermService - ok
10:56:45.0062 2476 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
10:56:45.0066 2476 Themes - ok
10:56:45.0216 2476 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:56:45.0218 2476 THREADORDER - ok
10:56:45.0263 2476 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:56:45.0266 2476 TrkWks - ok
10:56:45.0313 2476 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
10:56:45.0314 2476 TrustedInstaller - ok
10:56:45.0414 2476 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:56:45.0495 2476 tssecsrv - ok
10:56:45.0554 2476 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:56:45.0554 2476 tunmp - ok
10:56:45.0583 2476 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
10:56:45.0584 2476 tunnel - ok
10:56:45.0616 2476 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
10:56:45.0617 2476 uagp35 - ok
10:56:45.0650 2476 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
10:56:45.0661 2476 udfs - ok
10:56:45.0711 2476 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:56:45.0714 2476 UI0Detect - ok
10:56:45.0810 2476 UleadBurningHelper (f13da74969897359a88f2a739f54a250) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
10:56:45.0811 2476 UleadBurningHelper - ok
10:56:45.0838 2476 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
10:56:45.0839 2476 uliagpkx - ok
10:56:45.0864 2476 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:56:45.0875 2476 uliahci - ok
10:56:45.0891 2476 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:56:45.0897 2476 UlSata - ok
10:56:45.0918 2476 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:56:45.0923 2476 ulsata2 - ok
10:56:46.0003 2476 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:56:46.0006 2476 umbus - ok
10:56:46.0055 2476 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:56:46.0079 2476 upnphost - ok
10:56:46.0136 2476 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
10:56:46.0137 2476 usbaudio - ok
10:56:46.0437 2476 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:56:46.0562 2476 usbccgp - ok
10:56:46.0778 2476 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:56:46.0780 2476 usbcir - ok
10:56:46.0855 2476 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
10:56:46.0856 2476 usbehci - ok
10:56:46.0893 2476 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
10:56:46.0904 2476 usbhub - ok
10:56:46.0916 2476 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
10:56:46.0918 2476 usbohci - ok
10:56:46.0962 2476 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:56:46.0963 2476 usbprint - ok
10:56:47.0008 2476 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:56:47.0008 2476 usbscan - ok
10:56:47.0049 2476 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:56:47.0050 2476 USBSTOR - ok
10:56:47.0092 2476 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
10:56:47.0092 2476 usbuhci - ok
10:56:47.0119 2476 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
10:56:47.0122 2476 UxSms - ok
10:56:47.0153 2476 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
10:56:47.0167 2476 vds - ok
10:56:47.0209 2476 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:56:47.0210 2476 vga - ok
10:56:47.0232 2476 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:56:47.0233 2476 VgaSave - ok
10:56:47.0255 2476 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
10:56:47.0257 2476 viaagp - ok
10:56:47.0287 2476 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:56:47.0289 2476 ViaC7 - ok
10:56:47.0308 2476 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
10:56:47.0309 2476 viaide - ok
10:56:47.0387 2476 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:56:47.0388 2476 volmgr - ok
10:56:47.0446 2476 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
10:56:47.0461 2476 volmgrx - ok
10:56:47.0509 2476 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
10:56:47.0521 2476 volsnap - ok
10:56:47.0546 2476 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:56:47.0550 2476 vsmraid - ok
10:56:47.0622 2476 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
10:56:47.0663 2476 VSS - ok
10:56:47.0694 2476 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
10:56:47.0728 2476 W32Time - ok
10:56:48.0185 2476 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:56:48.0194 2476 WacomPen - ok
10:56:48.0214 2476 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:56:48.0215 2476 Wanarp - ok
10:56:48.0218 2476 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:56:48.0219 2476 Wanarpv6 - ok
10:56:48.0299 2476 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
10:56:48.0324 2476 wcncsvc - ok
10:56:48.0354 2476 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:56:48.0357 2476 WcsPlugInService - ok
10:56:48.0375 2476 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:56:48.0376 2476 Wd - ok
10:56:48.0424 2476 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:56:48.0436 2476 Wdf01000 - ok
10:56:48.0468 2476 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:56:48.0471 2476 WdiServiceHost - ok
10:56:48.0474 2476 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:56:48.0478 2476 WdiSystemHost - ok
10:56:48.0517 2476 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
10:56:48.0529 2476 WebClient - ok
10:56:48.0554 2476 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
10:56:48.0567 2476 Wecsvc - ok
10:56:48.0598 2476 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:56:48.0602 2476 wercplsupport - ok
10:56:48.0643 2476 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
10:56:48.0657 2476 WerSvc - ok
10:56:48.0738 2476 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:56:48.0748 2476 WinDefend - ok
10:56:48.0754 2476 WinHttpAutoProxySvc - ok
10:56:48.0818 2476 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
10:56:48.0823 2476 Winmgmt - ok
10:56:48.0965 2476 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
10:56:49.0025 2476 WinRM - ok
10:56:49.0203 2476 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
10:56:49.0250 2476 Wlansvc - ok
10:56:49.0304 2476 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
10:56:49.0305 2476 WmiAcpi - ok
10:56:49.0363 2476 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
10:56:49.0365 2476 wmiApSrv - ok
10:56:49.0493 2476 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:56:49.0511 2476 WMPNetworkSvc - ok
10:56:49.0544 2476 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
10:56:49.0558 2476 WPCSvc - ok
10:56:49.0589 2476 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
10:56:49.0593 2476 WPDBusEnum - ok
10:56:49.0664 2476 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
10:56:49.0666 2476 WpdUsb - ok
10:56:49.0695 2476 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:56:49.0696 2476 ws2ifsl - ok
10:56:49.0722 2476 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
10:56:49.0723 2476 WsAudio_DeviceS(1) - ok
10:56:49.0741 2476 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
10:56:49.0742 2476 WsAudio_DeviceS(2) - ok
10:56:49.0787 2476 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
10:56:49.0788 2476 WsAudio_DeviceS(3) - ok
10:56:49.0813 2476 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
10:56:49.0814 2476 WsAudio_DeviceS(4) - ok
10:56:49.0841 2476 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
10:56:49.0842 2476 WsAudio_DeviceS(5) - ok
10:56:49.0876 2476 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
10:56:49.0879 2476 wscsvc - ok
10:56:49.0882 2476 WSearch - ok
10:56:50.0017 2476 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
10:56:50.0074 2476 wuauserv - ok
10:56:50.0416 2476 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:56:50.0417 2476 WUDFRd - ok
10:56:50.0451 2476 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:56:50.0454 2476 wudfsvc - ok
10:56:50.0468 2476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:56:50.0471 2476 \Device\Harddisk0\DR0 - ok
10:56:50.0495 2476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
10:56:50.0543 2476 \Device\Harddisk1\DR1 - ok
10:56:51.0011 2476 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk2\DR2
10:56:51.0015 2476 \Device\Harddisk2\DR2 - ok
10:56:51.0019 2476 Boot (0x1200) (43feb21adb9406a882922316b5ab853d) \Device\Harddisk0\DR0\Partition0
10:56:51.0020 2476 \Device\Harddisk0\DR0\Partition0 - ok
10:56:51.0061 2476 Boot (0x1200) (a583a3aee885f0a9dbebfe39db018ab6) \Device\Harddisk1\DR1\Partition0
10:56:51.0062 2476 \Device\Harddisk1\DR1\Partition0 - ok
10:56:51.0077 2476 Boot (0x1200) (663c60b0c4f38710958eb28e05d90211) \Device\Harddisk1\DR1\Partition1
10:56:51.0078 2476 \Device\Harddisk1\DR1\Partition1 - ok
10:56:51.0084 2476 Boot (0x1200) (4861001604d98d3fbc13bca5b7cd11d3) \Device\Harddisk2\DR2\Partition0
10:56:51.0086 2476 \Device\Harddisk2\DR2\Partition0 - ok
10:56:51.0093 2476 ============================================================
10:56:51.0093 2476 Scan finished
10:56:51.0093 2476 ============================================================
10:56:51.0105 1472 Detected object count: 0
10:56:51.0105 1472 Actual detected object count: 0

#9
Alexandra D. Porsi

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 10:58:29
-----------------------------
10:58:29.357 OS Version: Windows 6.0.6001 Service Pack 1
10:58:29.357 Number of processors: 2 586 0xF06
10:58:29.358 ComputerName: DESKTOP UserName: alex
10:58:30.558 Initialize success
10:58:57.920 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000072
10:58:57.922 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 6
10:58:57.923 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000073
10:58:57.925 Disk 1 Vendor: ST332062 3.AD Size: 305245MB BusType: 6
10:58:57.926 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000084
10:58:57.927 Disk 2 Vendor: Size: 305245MB BusType: 0
10:58:57.980 Disk 1 MBR read successfully
10:58:57.982 Disk 1 MBR scan
10:58:57.983 Disk 1 Windows VISTA default MBR code
10:58:57.990 Disk 1 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
10:58:58.016 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
10:58:58.072 Disk 1 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294949 MB offset 21084160
10:58:58.097 Disk 1 scanning sectors +625139712
10:58:58.211 Disk 1 scanning C:\Windows\system32\drivers
10:59:08.855 Service scanning
10:59:13.922 Service GMSIPCI F:\INSTALL\GMSIPCI.SYS **LOCKED** 21
10:59:17.131 Service MpKslc79087bc C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B88F42D-8AF7-4656-BD95-D4DBD7977579}\MpKslc79087bc.sys **LOCKED** 32
10:59:17.193 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:59:26.818 Modules scanning
10:59:35.069 Scan finished successfully
11:00:16.476 Disk 1 MBR has been saved successfully to "C:\Users\alex\Desktop\MBR.dat"
11:00:16.478 The log file has been saved successfully to "C:\Users\alex\Desktop\aswMBR.txt"

#10
Alexandra D. Porsi

OTL logfile created on: 4/27/2012 11:02:33 AM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 48.60% Memory free
6.19 Gb Paging File | 4.81 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 35.00 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 208.02 Gb Free Space | 69.78% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 255.67 Gb Free Space | 54.91% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 10:58:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\alex\Desktop\aswMBR.exe
PRC - [2012/04/27 10:55:25 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\alex\Desktop\tdsskiller.exe
PRC - [2012/04/26 15:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
PRC - [2012/04/25 17:33:14 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/24 17:32:38 | 001,716,784 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2012/03/23 11:16:14 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/17 06:07:00 | 004,412,168 | ---- | M] (Just Great Software) -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2006/09/28 16:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/26 10:51:17 | 000,645,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\bb59367b0fe74f712ada2b428dfae27e\PCGPostBootResources.ni.dll
MOD - [2012/04/26 10:51:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\46ce461efb05e22ee95c3bb3dc6ea57a\PCGHIDProbe.ni.dll
MOD - [2012/04/26 10:51:17 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\314d85da1d125dd808783c45ecb78afe\PCGRSPProbe.ni.dll
MOD - [2012/04/26 10:51:16 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\e6124e9982d6012a1c4f370f473a07a1\Community.CsharpSqlite.ni.dll
MOD - [2012/04/26 10:51:15 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\206a8c5a109cb7712169e738c712bc1d\PCGWuInfo.ni.dll
MOD - [2012/04/26 10:51:15 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\fb4a2eb4e6734597ceb50b4a14984352\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2012/04/26 10:51:14 | 000,177,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\7259192f480c116200d1c6db9f6637e4\PCGAppControlPluginLoader.ni.dll
MOD - [2012/04/26 10:51:14 | 000,067,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\fb024855b4c85b2d3c4b7686e4524e2e\PCGUsersCenter.ni.dll
MOD - [2012/04/26 10:51:13 | 004,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\2d6baa7b56c5b90a9192030319507adf\PCGClientCommon.ni.dll
MOD - [2012/04/26 10:51:09 | 000,197,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\3f626f0c59a0727dedff05552d32be6a\PCGBootVisualizingCommon.ni.dll
MOD - [2012/04/26 10:51:08 | 000,065,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\ca6517ae52900df33444733cdddf4579\PCGConfiguration.ni.dll
MOD - [2012/04/26 10:51:06 | 003,942,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\e20bf999d9f4e8e15caaed2d6f30b448\PCGDatabase.ni.dll
MOD - [2012/04/26 10:51:03 | 001,356,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\65ac88b7b25cf1d482a1ce6808d51cfb\PCGAzureShared.ni.dll
MOD - [2012/04/26 10:51:03 | 000,048,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\f574a40e270583b5e9bb8c4ee6822926\PCGAzureEntityFramework.ni.dll
MOD - [2012/04/26 10:51:02 | 001,290,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\bdaed6a39defa75aad47cf36fa1f1a54\PCGCommunication.ni.dll
MOD - [2012/04/26 10:50:59 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\04f6adeeba66f36a3c4b3f17babf97ed\PCGDriverProbe.ni.dll
MOD - [2012/04/26 10:50:58 | 002,845,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\9d368d4e540942c17a2de5becf3c6d5f\PCGPreCompiled.ni.dll
MOD - [2012/04/26 10:50:56 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\393b0aa8da675735c82bac6b966a92da\Ionic.Zip.Reduced.ni.dll
MOD - [2012/04/26 10:50:56 | 000,206,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\116f6409e5e93341e243ed3a142bc752\PCGPrestoSerializer.ni.dll
MOD - [2012/04/26 10:50:53 | 002,665,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\6e8a390df32136e9fc9b7356d8d84c86\PCGFramework.ni.dll
MOD - [2012/04/26 10:50:49 | 002,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\fed6e2336954f04a17f28acf5d8bdc5d\Soluto.ni.exe
MOD - [2012/04/25 17:33:13 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/24 17:13:38 | 000,071,216 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2012/04/13 17:18:30 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011/08/09 16:10:00 | 002,516,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\08d43352c20674454742c5bc699b2da9\System.Data.Linq.ni.dll
MOD - [2011/08/09 16:09:06 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll
MOD - [2011/08/09 16:09:01 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011/08/09 16:08:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/08/09 16:08:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/08/09 16:08:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/08/09 16:07:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/08/09 16:07:45 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/08/09 16:07:23 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/01/19 06:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009/05/21 21:56:37 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2008/10/13 18:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008/04/13 15:32:14 | 000,165,376 | ---- | M] () -- C:\Program Files\Taskbar Shuffle\tbhookin.dll
MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/25 17:33:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012/04/13 17:18:31 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/04/19 19:43:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/03 11:24:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/28 16:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ddduqcku.sys -- (ddduqcku)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\alex\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\alex\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/26 21:23:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B88F42D-8AF7-4656-BD95-D4DBD7977579}\MpKslc79087bc.sys -- (MpKslc79087bc)
DRV - [2012/04/24 17:13:24 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto)
DRV - [2011/07/28 06:27:08 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/03 15:56:56 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/15 01:15:42 | 000,813,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/04/06 22:24:08 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/04/06 22:24:08 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/17 09:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/06 15:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/21 15:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKCU\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/02/14 14:33:29 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/14 10:29:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 17:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 10:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/22 08:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/14 10:19:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\alex\AppData\Roaming\Move Networks [2009/10/03 09:23:25 | 000,000,000 | ---D | M]

[2010/01/24 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions
[2010/01/24 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/08/15 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2012/04/26 19:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions
[2011/07/02 09:53:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/03/02 13:40:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/16 09:36:02 | 000,000,000 | ---D | M] (ChromEdit Plus) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2011/02/20 13:03:58 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1i9rftxy.default\extensions\[email protected]
[2012/01/12 19:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/25 17:33:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2005/11/29 18:28:00 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPinfotl.dll
[2012/02/15 11:06:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 11:06:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: ebrary Reader (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPinfotl.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\alex\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/04/27 10:20:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{235DD92E-E440-412C-938E-2422C8087442}: DhcpNameServer = 68.87.75.194 68.87.64.146 68.87.72.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35148E20-38E3-4AD5-BE2B-B0D81E7D89B2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\alex\Desktop\for tumblr\red\tumblr_lnumhhpSHP1qz6f9yo1_500.jpg
O24 - Desktop BackupWallPaper: C:\Users\alex\Desktop\for tumblr\red\tumblr_lnumhhpSHP1qz6f9yo1_500.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/12 10:36:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^systemcleaner.lnk - - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CTHelper - hkey= - key= - File not found
MsConfig - StartUpReg: CTxfiHlp - hkey= - key= - File not found
MsConfig - StartUpReg: CTXFIREG - hkey= - key= - File not found
MsConfig - StartUpReg: ECenter - hkey= - key= - c:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found
MsConfig - StartUpReg: OpwareSE2 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Taskbar Shuffle - hkey= - key= - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig - StartUpReg: UVS10 Preload - hkey= - key= - C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe (Ulead Systems, Inc.)
MsConfig - StartUpReg: VolPanel - hkey= - key= - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WrtMon.exe - hkey= - key= - File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SolutoService - C:\Program Files\Soluto\SolutoService.exe (Soluto)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SolutoService - C:\Program Files\Soluto\SolutoService.exe (Soluto)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2C761100-4313-5957-9485-DFF4CE79A01E} - Adobe Shockwave Director 10.4
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9162D0AC-7D38-BD3E-4EEE-E68619B607B6} - Themes Setup
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9CCA01FA-51CA-AE40-B4BF-C42775925EB1} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E3ECA0F8-2DBF-D518-98EB-DE5BC801CE7B} - Microsoft Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\Windows\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 10:58:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\alex\Desktop\aswMBR.exe
[2012/04/27 10:55:23 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\alex\Desktop\tdsskiller.exe
[2012/04/27 10:28:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/27 10:27:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/27 10:27:54 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\temp
[2012/04/27 10:06:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/27 10:06:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/27 10:06:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/27 10:06:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/27 10:04:56 | 004,477,723 | R--- | C] (Swearware) -- C:\Users\alex\Desktop\ComboFix.exe
[2012/04/27 09:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/27 09:45:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/27 09:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/27 09:44:31 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\alex\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/26 20:58:46 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\alex\Desktop\unhide.exe
[2012/04/26 19:47:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 19:46:16 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\OTL old stuff
[2012/04/26 15:36:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
[2012/04/26 10:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012/04/26 10:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/04/25 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\RK_Quarantine
[2012/04/25 19:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/04/25 19:05:01 | 007,247,536 | ---- | C] (SurfRight B.V.) -- C:\Users\alex\Desktop\HitmanPro36.exe
[2012/04/25 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/04/25 17:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/25 17:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/19 19:19:54 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\op art
[2012/04/02 18:11:33 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/04/27 11:00:16 | 000,000,512 | ---- | M] () -- C:\Users\alex\Desktop\MBR.dat
[2012/04/27 10:58:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\alex\Desktop\aswMBR.exe
[2012/04/27 10:55:25 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\alex\Desktop\tdsskiller.exe
[2012/04/27 10:27:09 | 000,005,248 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 10:27:09 | 000,005,248 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 10:21:24 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 10:20:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/27 10:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 10:04:57 | 004,477,723 | R--- | M] (Swearware) -- C:\Users\alex\Desktop\ComboFix.exe
[2012/04/27 09:45:34 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/27 09:44:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\alex\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/27 09:43:58 | 000,000,479 | ---- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop - Shortcut.lnk
[2012/04/27 08:53:28 | 000,000,077 | ---- | M] () -- C:\Show Desktop.scf
[2012/04/27 08:47:28 | 000,061,440 | ---- | M] ( ) -- C:\Users\alex\Desktop\VEW.exe
[2012/04/27 08:42:13 | 000,000,832 | ---- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox - Shortcut.lnk
[2012/04/27 08:41:56 | 000,000,882 | ---- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\thunderbird - Shortcut.lnk
[2012/04/27 08:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/27 08:36:25 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/27 08:36:25 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/27 08:36:25 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/26 21:16:26 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7A482A68-0330-4A8D-9FD3-200B36A2F2C2}.job
[2012/04/26 20:58:45 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\alex\Desktop\unhide.exe
[2012/04/26 15:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
[2012/04/26 13:44:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/04/25 20:41:46 | 001,280,512 | ---- | M] () -- C:\Users\alex\Desktop\RogueKiller.exe
[2012/04/25 19:05:17 | 007,247,536 | ---- | M] (SurfRight B.V.) -- C:\Users\alex\Desktop\HitmanPro36.exe
[2012/04/24 17:13:24 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2012/04/18 19:21:38 | 000,600,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/18 19:21:38 | 000,102,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/18 10:00:02 | 000,168,339 | ---- | M] () -- C:\Users\alex\Desktop\21317414567(2).htm
[2012/04/18 09:59:56 | 000,172,752 | ---- | M] () -- C:\Users\alex\Desktop\21317414567.htm
[2012/04/18 08:14:34 | 000,415,855 | ---- | M] () -- C:\Users\alex\Desktop\choreography for belly dance.pdf
[2012/04/13 17:18:31 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/13 17:18:31 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/11 08:58:00 | 000,130,003 | ---- | M] () -- C:\Users\alex\Desktop\themostawesomestoryieverhe.jpg
[2012/04/09 18:54:09 | 130,462,258 | ---- | M] () -- C:\Users\alex\Desktop\999576_japanese_enema_squirting_schoolgirls_torture_censored.flv
[2012/04/06 19:16:40 | 000,186,092 | ---- | M] () -- C:\Users\alex\Desktop\Exotic Identities - Dance, Difference,.pdf
[2012/04/06 19:16:23 | 001,322,829 | ---- | M] () -- C:\Users\alex\Desktop\The Many Faces of Spirituality - A Conceptual Framework.pdf
[2012/04/06 19:15:22 | 000,146,373 | ---- | M] () -- C:\Users\alex\Desktop\Sacred Embodiment - Fertility Ritual, Mother Goddess, and Cultures of Belly Dance.pdf
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/27 11:00:16 | 000,000,512 | ---- | C] () -- C:\Users\alex\Desktop\MBR.dat
[2012/04/27 10:06:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/27 10:06:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/27 10:06:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/27 10:06:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/27 10:06:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/27 09:45:34 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/27 08:53:54 | 000,000,479 | ---- | C] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop - Shortcut.lnk
[2012/04/27 08:53:28 | 000,000,077 | ---- | C] () -- C:\Show Desktop.scf
[2012/04/27 08:47:30 | 000,061,440 | ---- | C] ( ) -- C:\Users\alex\Desktop\VEW.exe
[2012/04/27 08:42:13 | 000,000,832 | ---- | C] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox - Shortcut.lnk
[2012/04/27 08:41:56 | 000,000,882 | ---- | C] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\thunderbird - Shortcut.lnk
[2012/04/26 21:19:07 | 000,054,472 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/26 21:19:07 | 000,054,472 | ---- | C] () -- C:\Windows\System32\BMXState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/26 21:19:07 | 000,000,788 | ---- | C] () -- C:\Windows\System32\DVCState-{00000008-00000000-00000006-00001102-00000005-10031102}.rfx
[2012/04/26 21:17:37 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/04/26 21:17:37 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/04/26 21:17:37 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/26 21:17:37 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/04/26 21:17:37 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/04/26 21:17:37 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/04/26 21:17:37 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/04/26 21:17:37 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/04/26 21:17:37 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/26 21:17:37 | 000,001,589 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/04/26 21:17:37 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/04/25 20:41:46 | 001,280,512 | ---- | C] () -- C:\Users\alex\Desktop\RogueKiller.exe
[2012/04/18 10:00:02 | 000,168,339 | ---- | C] () -- C:\Users\alex\Desktop\21317414567(2).htm
[2012/04/18 09:59:56 | 000,172,752 | ---- | C] () -- C:\Users\alex\Desktop\21317414567.htm
[2012/04/18 08:14:33 | 000,415,855 | ---- | C] () -- C:\Users\alex\Desktop\choreography for belly dance.pdf
[2012/04/11 08:57:57 | 000,130,003 | ---- | C] () -- C:\Users\alex\Desktop\themostawesomestoryieverhe.jpg
[2012/04/09 18:27:55 | 130,462,258 | ---- | C] () -- C:\Users\alex\Desktop\999576_japanese_enema_squirting_schoolgirls_torture_censored.flv
[2012/04/06 19:16:40 | 000,186,092 | ---- | C] () -- C:\Users\alex\Desktop\Exotic Identities - Dance, Difference,.pdf
[2012/04/06 19:16:23 | 001,322,829 | ---- | C] () -- C:\Users\alex\Desktop\The Many Faces of Spirituality - A Conceptual Framework.pdf
[2012/04/06 19:15:22 | 000,146,373 | ---- | C] () -- C:\Users\alex\Desktop\Sacred Embodiment - Fertility Ritual, Mother Goddess, and Cultures of Belly Dance.pdf
[2012/04/02 18:11:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/08/20 14:35:26 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/07/28 09:35:50 | 000,021,064 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/15 19:58:04 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2011/04/02 09:19:45 | 002,440,206 | ---- | C] () -- C:\Users\alex\AppData\Local\[j0007]-[p04].bmp
[2011/01/01 16:32:48 | 000,134,656 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/15 09:46:35 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/09/12 19:55:38 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/06/12 19:47:53 | 000,000,411 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/05/03 11:32:29 | 000,000,385 | ---- | M] () -- C:\dse.exe

< %SYSTEMDRIVE%\*.exe >
[2007/05/03 11:32:29 | 000,000,385 | ---- | M] () -- C:\dse.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008/08/17 09:17:03 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\.thinkingrock
[2008/09/16 18:57:54 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\AccurateRip
[2007/06/01 16:08:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ACD Systems
[2011/08/08 09:49:05 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Adobe
[2007/05/24 11:26:37 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\AdobeUM
[2010/01/04 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Amazon
[2011/01/07 11:12:16 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\AnvSoft
[2009/03/13 19:53:24 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Artisteer
[2008/11/27 12:48:15 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Artweaver
[2012/02/18 10:26:36 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ARulerForWindows
[2007/05/30 07:59:41 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Bitstream
[2009/03/27 19:15:01 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\calibre
[2010/01/04 21:24:49 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Canon
[2010/05/22 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\CANON INC
[2010/06/18 11:34:39 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1
[2011/01/28 15:03:12 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\com.adobe.ExMan
[2010/01/14 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Convivea
[2007/06/15 01:47:03 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Creative
[2008/09/02 17:49:56 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DAEMON Tools Pro
[2012/01/15 12:11:39 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DivX
[2008/01/17 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Download Manager
[2011/02/06 14:41:52 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Dropbox
[2012/04/27 09:41:05 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DVD Flick
[2012/04/17 17:10:40 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\dvdcss
[2009/01/07 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Expression Media 2
[2011/09/23 14:03:12 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\FastStone
[2008/07/19 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Flexigen
[2008/06/30 10:29:14 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\FusionDesk
[2007/07/20 14:15:49 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\GHISLER
[2008/12/29 10:50:23 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Google
[2011/01/07 11:05:01 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\HandBrake
[2009/03/22 12:03:54 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Help
[2010/01/22 20:38:18 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\HP
[2007/05/22 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Identities
[2007/07/13 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\IDMComp
[2008/10/05 11:50:48 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\InstallShield
[2008/12/26 19:14:18 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\IrfanView
[2008/07/15 14:52:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\JAM Software
[2011/04/10 18:32:13 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\JGsoft
[2010/08/13 08:52:04 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\KompoZer
[2008/07/15 16:02:00 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Launchy
[2007/05/31 09:54:18 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Lavasoft
[2009/01/07 16:14:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Locate32
[2007/05/22 19:35:30 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Macromedia
[2011/04/20 17:46:24 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Malwarebytes
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Media Center Programs
[2011/08/07 20:46:31 | 000,000,000 | --SD | M] -- C:\Users\alex\AppData\Roaming\Microsoft
[2009/10/03 09:23:25 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Move Networks
[2008/06/18 18:54:34 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Mozilla
[2010/12/01 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Mp3tag
[2007/11/21 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\NCH Swift Sound
[2008/07/19 15:46:59 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Nero
[2008/06/29 16:46:54 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\NewsLeecher
[2011/08/13 18:02:50 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Notepad++
[2007/05/28 10:40:21 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Opera
[2008/08/15 21:00:21 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Participatory Culture Foundation
[2008/08/16 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\PCF-VLC
[2007/05/22 22:45:20 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\PeerNetworking
[2008/02/12 17:27:59 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Pointstone
[2011/08/13 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Real
[2011/05/14 10:40:11 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\RipIt4Me
[2010/11/12 14:49:40 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Roxio
[2011/12/08 21:31:12 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\SanDisk
[2007/08/21 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ScanSoft
[2009/02/10 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\SmartDraw
[2008/10/05 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Sony Corporation
[2011/09/23 13:06:14 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Spotify
[2008/06/30 10:26:44 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\stickies
[2011/07/05 08:27:09 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Sun
[2007/07/29 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Talkback
[2010/01/24 15:51:34 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Thunderbird
[2007/10/16 09:32:11 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Transana 2
[2007/05/23 17:32:59 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Ulead Systems
[2011/07/23 10:56:48 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\uTorrent
[2012/04/26 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\vlc
[2012/03/08 11:02:59 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Winamp
[2011/04/25 14:54:42 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Winamp_Backup
[2007/05/28 08:02:04 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\WinRAR
[2007/06/07 17:54:19 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\XnView
[2010/05/22 12:52:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ZoomBrowser EX

< MD5 for: ATAPI.SYS >
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/05/16 21:58:38 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/05/16 21:58:31 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/05/16 21:58:31 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/05/16 21:58:38 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/05/16 21:58:38 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 04:09:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 04:09:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:09:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 04:09:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 04:07:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 04:07:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 17:33:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 17:33:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 17:33:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 17:33:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 17:33:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 17:33:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 17:33:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 17:33:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 17:33:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 17:33:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 17:33:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 17:33:14 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL Extras logfile created on: 4/27/2012 11:02:33 AM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 48.60% Memory free
6.19 Gb Paging File | 4.81 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 35.00 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 208.02 Gb Free Space | 69.78% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.38 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 255.67 Gb Free Space | 54.91% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.txt [@ = UltraEdit.txt] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe (Just Great Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2442573536-1488855162-1681777626-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A61068E-AF51-47A0-AF56-654D0EABE249}" = lport=139 | protocol=6 | dir=in | app=system |
"{0EB3B3BF-1183-4FE2-85F7-1B6CC4B5159C}" = lport=445 | protocol=6 | dir=in | app=system |
"{15AFAB41-EDA5-40BD-A37C-D9A0161C2CD6}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{29CCD703-500C-4D11-B287-A47B44EFD303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B8893A0-3884-4528-BA2E-38A3F8E8CF60}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3E49A225-E678-4DDE-9015-6553E45A69B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{4038EFFB-7D71-41E1-B0AE-FD532312E8D5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6040620C-592E-408B-8E3B-AF68998902BF}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{6B78FB99-7797-4CDC-AE23-201C5766E4CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{6CEF94DE-5587-4AE9-8759-A56E662A2D0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7F18FCC7-B8E6-4A2E-86DA-95604B5DB3F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{82223F1B-E3E6-4AF4-90D6-1EFE2B915501}" = lport=137 | protocol=17 | dir=in | app=system |
"{9547474B-A7D5-42F8-9665-AF37D113CC61}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B635F82A-DD9A-4A45-8AB4-90BBC3CA0F13}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBEE5015-0BA3-4BD8-82FF-4ADC29448508}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1C45677-C154-4B69-AE03-5F86A20F65BD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A318EF-1D3D-487C-A2B8-3DB7916207B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{052F3C07-3AE3-493C-B8F6-0EE6A483AF2A}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{085A49E2-09B2-4678-ABD9-ABEEC723C46C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{0A759F7D-4116-422F-B650-83AF42D47233}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{0B0C296D-322E-41A3-A558-94A82EC98E62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{162569D2-1D83-47F3-A830-78F4FC792DA2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1F2C3B31-DF0D-4561-9D20-7EEEECE9A838}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{245FAF7D-EC39-41AC-B53E-12E9141E3C3B}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"{2E899EC9-FF02-4952-8A7A-E2DD62156372}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2F6487CB-7C36-4073-A714-C07BCEADEE7D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{37A15A7E-5A6B-4EDC-9799-A854FAE30C01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{38DC1F46-6EF7-49F9-A0D5-4F8CE3DFDCAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{3A0D67DE-CAC0-4599-8768-8C9B44B73DFE}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"{449BB237-6993-455B-AE20-86F19B8ADB02}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F023A69-76F9-46A3-9376-2315ECFF8C3E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{50293A16-D8DD-4CFC-83D1-ACFB8A404F1E}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{56E1C7C2-C1F8-4AA9-9C99-AA23D172ED2B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{56F453EE-1FE3-4A55-AE71-1FBFC9DC97CD}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{5B167275-8EA1-47F3-BB1E-395F39E59025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5D73BD3B-F6AD-4845-9192-340FD00BE82C}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{5FAAB370-35A4-483A-A483-CF59E4FCF64A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{60547672-D26A-4754-B721-55A8FF26E7A3}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{65B84A74-54C9-43C5-945D-A91005A71AF6}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{673A2265-5058-44D3-983C-72610D2D9635}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{6B2987AF-C63B-4D82-A0E7-DD2385257BBE}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{6F4A56A5-0388-4FDD-A80D-B8E3EAE0DF26}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{74B015F5-4E97-43E8-A9AE-1006E413E8E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7977FF99-2CC1-4AD9-9E4A-E440A1D6D834}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7A3AC36C-04E4-4281-9AAD-F36F1780E726}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{85D65DFE-7C64-4605-B6FA-21B2BAEE0218}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{85DE0597-FD17-4F0B-BF0C-7723DD3D0D46}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8668AA27-65BC-4FF0-BA9F-FACE96D6CAAD}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8FB2E442-21F5-491D-B246-EF858E4A5DD6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{91D84927-2CDB-46EB-A2B7-3F6A3A894FC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95C519AD-3160-4AE6-9BA2-67D6E6300DBA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9CC3DF03-3451-459E-BFBF-1B2FC44B9F55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A46D5082-54D4-465F-BDF5-3846F04DA900}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{A96EE951-91BA-4AF1-B89C-03B81A85FA06}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{ACA28629-DB9A-41E4-A47C-3A2FB436230C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AD759016-5028-437D-AAED-2C6B3F105868}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{ADCD8F4E-495B-4CAB-A4B7-29CEF2900295}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B9CCC459-7DEA-462A-8CAD-A742492CDF6F}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{BC142752-54D9-4EFF-9C0A-EB5E480C0448}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{BE8B1420-C6D4-44B9-9833-EDFB2BB922F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{BF80347A-CB73-424B-A262-45AFAFAE73D5}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{D18C8CB1-D0A8-4E1F-8335-123302A1E4E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{DECA9B41-B267-45E5-8A5E-35EFEF5C926A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DEE9D2F6-BF23-48DC-8E36-728D35360E76}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{E8641A48-4124-48FE-B732-596E4ED633AC}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{F8BED84C-BD7C-4C44-A02F-AB9921238143}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FA8C1F2A-F973-442F-BC31-641F67C76C82}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{1829060D-62B5-4F08-920F-F4F643EFA910}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{1D47D97C-DF02-4FC8-A5DD-89FE2FBADF2A}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"TCP Query User{2FD0CBEC-F137-4583-B05F-8B1A2ED073F2}C:\users\alex\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\alex\desktop\utorrent.exe |
"TCP Query User{30CE7D55-E1C0-40B3-80CD-DCDF04A980C4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{30D2992F-CC04-403C-B582-91E5B27266EB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{33C5C8A8-9F2E-4331-970E-3C51E70722A1}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{3834DD30-F508-4387-82C9-18E3D201DC11}C:\program files\nextup-acapela\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\nextup-acapela\bin\acatel_srv.exe |
"TCP Query User{3C0FFFAE-BDFC-4FAD-987A-8ABA0946410F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{42E4A520-A33B-48E1-80A6-B07C5E8B2F16}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{57E4977F-7AA9-4904-8DC7-C589A2A9E574}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{68D4A33F-33F1-440D-ACB9-C42DD797FD22}C:\program files\surfoffline 2\so.exe" = protocol=6 | dir=in | app=c:\program files\surfoffline 2\so.exe |
"TCP Query User{785BB600-24A1-4468-8821-AAC3CA16C8BB}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{78A7EE0E-0647-4FEF-AC26-8B6D743133A3}C:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe |
"TCP Query User{7A23A9EC-9CC3-4226-9DD5-C2682FB56ED0}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe |
"TCP Query User{7D6C0D17-F4D7-4A22-9CC4-9AEBE01CCA4E}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{8678FC81-2728-4571-A37F-ACA241819491}C:\program files\adobe\adobe encore cs4\adobe encore.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe encore cs4\adobe encore.exe |
"TCP Query User{971DF3D5-F179-473A-9142-9C519389FE97}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{B42501B5-7770-427B-B2E4-C17F4C15CABA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{D881930A-685D-441A-ADCD-BD2192A33580}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DC0E3183-652B-465F-B6E3-6B0F880E66EB}C:\program files\adobe\adobe premiere pro cs4\pproheadless.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe |
"TCP Query User{E35F87D0-E203-4CB4-ACDE-DA1E1AD50D7B}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"TCP Query User{E5AD1E08-8E97-4C8D-9AC0-D5F2B0125D30}C:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe |
"TCP Query User{F8D5AF4E-0D16-46E0-80C6-4A2315567DDD}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=6 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{0AEAC2DC-E4C0-4B3C-9B8A-EDD7EF7CC11B}C:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe soundbooth cs4\adobe soundbooth cs4.exe |
"UDP Query User{114FA411-346A-43A8-B5C5-CA666BDFE5C1}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{300CEBD4-9E15-4416-BC1D-4EC197964C6D}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"UDP Query User{357F8BF3-4F27-4CD9-ACF7-514D59D7B058}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{528A3A28-5772-452B-9660-4FC2700F0E1C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{73A88C11-E08C-44CA-9A7B-3C7BB60E1751}C:\users\alex\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\alex\desktop\utorrent.exe |
"UDP Query User{90B02371-218D-4162-887D-08DED3AF7CE0}C:\program files\surfoffline 2\so.exe" = protocol=17 | dir=in | app=c:\program files\surfoffline 2\so.exe |
"UDP Query User{A8B98736-E257-4384-A671-98A0BB6BD10D}C:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs4\adobe media encoder.exe |
"UDP Query User{AC30836C-8602-4886-BEA1-8D6BCA3F9B3E}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{AE55290B-7DB0-4B57-9860-CD4F6212650F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B79C510D-EEA7-4BC8-A83E-5F98FC70296B}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{B8DC1893-8090-4505-9ACE-BC306624C4C6}C:\program files\text to speech maker\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\text to speech maker\bin\acatel_srv.exe |
"UDP Query User{CF70EC76-5511-4A05-B1E8-7512C1DB26EF}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{D61DC1C3-5A89-4A25-B516-B2E15F03AE79}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{E48796F9-B6F8-4A77-A4FA-CB7FA74EBA72}C:\program files\nextup-acapela\bin\acatel_srv.exe" = protocol=17 | dir=in | app=c:\program files\nextup-acapela\bin\acatel_srv.exe |
"UDP Query User{F160B9C5-2232-42C2-BCF2-E2ACC4A195FB}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{F204AC54-C863-42CD-AAD9-EBB595EC0075}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F441128E-475B-4F2C-A7FB-7F19F2197133}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F5FFB246-8AFC-4B90-8EB9-8BBD3E9F01D0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F8899988-8F1E-495C-87BC-673C71CFFD8E}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{FA3BB6E7-3A38-4307-B5B4-C8A94A2A6A86}C:\program files\adobe\adobe premiere pro cs4\pproheadless.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe |
"UDP Query User{FB171E7E-46D0-4D48-9CCB-0BE455293748}C:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs4\adobe premiere pro.exe |
"UDP Query User{FD52A11E-63D4-49B6-B4DC-A4E5359AFDB9}C:\program files\adobe\adobe encore cs4\adobe encore.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe encore cs4\adobe encore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D87A9A8-62B0-486D-BA10-69A1F8963F43}" = NextUp-Acapela Elan Lucy22 UK English Voice
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.12
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70E3A868-C269-4E6D-B225-862AADF7D0AF}" = Adobe Creative Suite 4 Production Premium
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.5
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8E1AB809-F821-4F41-8431-44A11ED1EDBA}" = TVT7Diag
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9B20A26E-5233-474D-B83A-027D71D0DC32}" = NextUp-Acapela Elan Graham22 UK English Voice
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A595C6BC-D961-4BAD-ACB3-BE599870D1A1}" = NextUp-Acapela Elan Laura22 US English Voice
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CA842D69-22DB-456E-95C7-A5C92593C7C4}" = Adobe Setup
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD616D0D-48E4-4B6E-AACA-76ABA3147057}" = Soluto
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0928B04-FD1F-4FF1-8834-75A21C2B836C}" = OneNote Search and Replace
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCF4C336-18DB-449B-9238-821B7F28B614}_is1" = Uninstall A Ruler for Windows
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E13249D4-C0D1-42E8-AF82-A117AA008A75}_is1" = XML:Wrench
"{E140C2EC-9D11-4EA6-AED0-79762A642AF6}" = Eudora
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_36ac9dc8c9a94feb9e5886810012e78" = Adobe Creative Suite 4 Production Premium
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AnyDVD" = AnyDVD
"Artisteer 2" = Artisteer 2
"ASIO4ALL v2" = ASIO4ALL v2
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"BookSmart® 2.9.5 2.9.5" = BookSmart® 2.9.5 2.9.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CleanUp!" = CleanUp!
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"Duplicate File Finder_is1" = Duplicate File Finder 1.1.0.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.2
"EA5B0AA7-D6AE-0996-E42A-F9BBBE08F74F" = calibre
"EditPad Lite" = Just Great Software EditPad Lite 6.6.0
"EditPad Pro 6" = Just Great Software EditPad Pro 6 DEMO 6.7.0
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"IsoBuster_is1" = IsoBuster 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"LookInMyPC" = LookInMyPC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mp3tag" = Mp3tag v2.47b
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"QuickPar" = QuickPar 0.9
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SABnzbd" = SABnzbd 0.6.2
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"SUPER ©" = SUPER © Version 2010.bld.41 (Oct 31, 2010)
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TextAloud MP3_is1" = TextAloud
"ULTIMATER" = Microsoft Office Ultimate 2007
"Verbose" = Verbose Uninstall
"VLC media player" = VLC media player 1.0.0
"VobSub" = VobSub v2.23 (Remove Only)
"VueScan" = VueScan
"Winamp" = Winamp
"Winamp Backup Tool" = Winamp Backup Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.42
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.2" = ClosetMaid v1.5.2
"Move Media Player" = Move Media Player
"Sansa Updater" = Sansa Updater
"Spotify" = Spotify
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2011 1:49:44 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/4/2011 1:49:45 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/4/2011 1:49:45 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/4/2011 5:36:42 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 9:32:20 AM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 12:08:59 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 12:09:03 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 12:09:08 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2011 12:09:11 PM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/9/2011 10:07:24 AM | Computer Name = desktop | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 4/15/2010 3:31:47 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/15/2010 5:38:07 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/19/2010 7:22:56 PM | Computer Name = desktop | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 4/19/2010 7:22:56 PM | Computer Name = desktop | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 5/4/2010 3:39:30 AM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/29/2010 7:39:10 AM | Computer Name = desktop | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 5/29/2010 7:39:14 AM | Computer Name = desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2010 7:21:12 AM | Computer Name = desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2010 7:21:15 AM | Computer Name = desktop | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 2/1/2011 3:22:45 PM | Computer Name = desktop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 1/4/2011 9:20:22 PM | Computer Name = desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/18/2012 8:21:57 PM | Computer Name = desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2700
seconds with 1680 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#11
Alexandra D. Porsi

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/04/2012 12:16:04 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/04/2012 3:30:57 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 27/04/2012 3:32:28 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: i8042prt Lbd

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#12
Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/04/2012 12:17:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/04/2012 3:31:04 PM
Type: Warning Category: 0
Event: 1035 Source: Microsoft-Windows-SpoolerSpoolss
The print spooler failed to load print provider C:\Users\alex\AppData\Local\Temp\362C.tmp. This can occur because of system instability or a lack of system resources.
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Let's clean up some deadwood:

Copy the text in the code box by highlighting it and pressing Ctrl + C


:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ddduqcku.sys -- (ddduqcku)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O32 - AutoRun File - [2009/02/12 10:36:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc delete pgfilter /c
sc delete Lbd /c
sc delete IpInIp /c
sc delete GMSIPCI /c
sc delete ddduqcku /c
sc delete blbdrive /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

How is it running now? Any problems left?

Did you install LogMeIn? If you don't use it, uninstall it.
  • 0
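
A pre-flight check for a fix script like the one in post #13, as an added example that is not part of the original posts or of OTL: it confirms that every `sc delete` target matches a DRV entry reported as "File not found", so a mistyped or still-installed service is caught before the fix runs. The function name and the sample lines are constructed for illustration.

```python
import re

# OTL driver line: "DRV - <status> [type | start | state] -- <path> -- (<service>)"
DRV_RE = re.compile(
    r"^DRV\s+-\s+(?P<status>.*?)\s*\[[^\]]*\]\s+--\s+(?P<path>.+?)\s+--\s+\((?P<name>[^)]+)\)\s*$"
)
# Service removal line in the :files section: "sc delete <service> /c"
SC_RE = re.compile(r"^sc\s+delete\s+(?P<name>\S+)", re.IGNORECASE)


def audit_fix_script(text):
    """Cross-check 'sc delete' targets against the DRV entries of the same script."""
    drivers = {}  # lower-cased service name -> True when the driver file is missing
    deletes = []
    for line in text.splitlines():
        line = line.strip()
        m = DRV_RE.match(line)
        if m:
            drivers[m["name"].lower()] = m["status"].lower().startswith("file not found")
            continue
        m = SC_RE.match(line)
        if m:
            deletes.append(m["name"])
    wanted = {d.lower() for d in deletes}
    return {
        # deleted, but no DRV line names this service (often a typo)
        "unlisted": [d for d in deletes if d.lower() not in drivers],
        # deleted although the driver file is still on disk
        "file_present": [d for d in deletes if drivers.get(d.lower()) is False],
        # orphaned entry listed in the script but never deleted
        "never_deleted": sorted(n for n, gone in drivers.items() if gone and n not in wanted),
    }


# Constructed sample script (service names are hypothetical).
SAMPLE = r"""
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\exampleflt.sys -- (exampleflt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\exbackup.sys -- (exbackup)
DRV - [2012/03/20 19:08:24 | 000,074,112 | ---- | M] (Example Corp) [Kernel | System | Running] -- C:\Windows\System32\drivers\exlive.sys -- (exlive)

:files
sc delete exampleflt /c
sc delete backup /c
sc delete exlive /c
"""

if __name__ == "__main__":
    for finding, names in audit_fix_script(SAMPLE).items():
        print(f"{finding}: {names}")
```

Any non-empty list is a reason to re-read the script before pasting it into the Custom Scans/Fixes box.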

#14
Alexandra D. Porsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Everything seems okay now. I just have to rebuild my start menu, which is no big deal, and I don't see the final OTL log anywhere, for some reason. I also uninstalled LogMeIn.

Oh my gosh, thank you so much. I really appreciate your help.
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You might be able to use this link
http://www.vistax64....-shortcuts.html
to rebuild the default menus

Cleanup time:
We need to clean up System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right-click on Command Prompt and Run As Administrator.
Then right-click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, then change it to not run at start, then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0





