
Applications won't start [Solved]


  • This topic is locked

#16
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi memmons9. Please follow the previous post's instructions for your laptop. I will work on your desktop's OTL log in the meantime. Let's tackle the laptop first though. Things might get nasty if we work on both at once. We are probably almost done with the laptop though.
  • 0



#17
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,839 posts
If you want to work on both at the same time, we could start a new thread to keep things organized. If you want to do this, please let me know, and also for the new thread make sure to say that I am helping you and nobody else should take the thread.
  • 0

#18
memmons9


    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I will follow whatever your recommendation is. I just noticed your post #14 so I will take care of that now.

Edited by memmons9, 08 May 2012 - 04:13 AM.

  • 0

#19
memmons9


    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Here are the reports for the laptop that you requested in post #14 above.

All processes killed
========== OTL ==========
Folder C:\ProgramData\B7E85B3E000CE037006584C7B4EB2331\ not found.
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012 folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael
->Temp folder emptied: 24306048 bytes
->Temporary Internet Files folder emptied: 37311183 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1492 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 59.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 05082012_061808

Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Michael\AppData\Local\Temp\VGXFD42.tmp moved successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BHZYJNVA\fastbutton[1].htm moved successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...




OTL logfile created on: 5/8/2012 6:26:21 AM - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Michael\Desktop\Malware Apps\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 45.79% Memory free
7.49 Gb Paging File | 5.39 Gb Available in Paging File | 71.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.22 Gb Total Space | 370.07 Gb Free Space | 81.47% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 17:13:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\Malware Apps\OTL\OTL.exe
PRC - [2012/04/30 09:06:19 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/17 11:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/03 19:38:23 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2009/08/10 01:30:54 | 000,529,256 | ---- | M] (Toshiba) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 11:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
MOD - [2008/03/18 20:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
MOD - [2008/03/18 20:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
MOD - [2008/01/08 18:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/08 16:09:28 | 000,290,816 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/04/06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/30 09:06:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/03 19:38:23 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/17 05:16:24 | 000,041,984 | --S- | M] (BitMicro Software Corporation) [Auto | Stopped] -- C:\Program Files (x86)\RapidBIT\cisvc.exe -- (FlexService)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/07/19 11:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/03/30 23:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 21:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2295F3AD-D640-48E2-B09F-6FF1DE88294B}
IE:64bit: - HKLM\..\SearchScopes\{2295F3AD-D640-48E2-B09F-6FF1DE88294B}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2724386
IE - HKLM\..\SearchScopes\{F341F7B0-37EA-4FB1-8E26-ECAAD84F8541}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKU\S-1-5-19\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKU\S-1-5-20\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}

IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes,DefaultScope = {F341F7B0-37EA-4FB1-8E26-ECAAD84F8541}
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes\{30CFB165-2CF1-7712-E58F-3A8DBE9E3CFA}: "URL" = http://www.incredima...g=2-428-0-2Xb3h
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes\{779B5988-7E52-46A7-8F0C-D71E265086C0}: "URL" = http://search.yahoo....1042,6901,0,8,0
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incre...&loc=search_box
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2724386
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=DgV58jRbd1
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes\{E1F1D83E-270B-054F-25C9-60461DF5B614}: "URL" = http://www.startnow....ion=6.1-x64-SP1
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\SearchScopes\{F341F7B0-37EA-4FB1-8E26-ECAAD84F8541}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-375859105-3073260222-753941328-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/12/27 15:51:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/04/25 15:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 16:30:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/15 09:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/07 07:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{36043D4F-1972-4A6F-A1EB-B0EDBFBD2C8D}: C:\Users\Michael\AppData\Local\{36043D4F-1972-4A6F-A1EB-B0EDBFBD2C8D} [2011/08/28 17:25:48 | 000,000,000 | ---D | M]

[2012/02/16 09:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/05/01 22:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kfb44105.default\extensions
[2012/04/11 16:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2012/05/07 06:03:43 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/23 11:10:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/08 06:18:11 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120425152407.dll (McAfee, Inc.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425152407.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-375859105-3073260222-753941328-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-375859105-3073260222-753941328-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-375859105-3073260222-753941328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Lost%20Continent%202%20in%201%20Pack/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Curious%20Case%20of%20Counterfeit%20Cove/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7CA527C-9CC5-4A6E-AB70-DD76C5F82005}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D01D5AB3-8A38-4A3B-A7FF-04B3C79DD570}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-375859105-3073260222-753941328-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 06:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/07 06:01:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/07 06:01:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/05/05 17:03:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/01 18:15:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2012/05/01 18:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/01 07:29:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Spam Monitor
[2012/05/01 07:29:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PC Tools
[2012/05/01 07:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/05/01 07:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/01 07:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/01 07:05:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TestApp
[2012/04/30 09:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B3E000CE037006584C7B4EB2331
[2012/04/29 10:48:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Macrovision

========== Files - Modified Within 30 Days ==========

[2012/05/08 06:32:03 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 06:29:42 | 000,022,096 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 06:29:42 | 000,022,096 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 06:26:22 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/05/08 06:21:25 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 06:21:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/08 06:18:11 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/05/08 05:42:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/07 18:55:49 | 001,509,318 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/07 18:55:49 | 000,649,082 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/07 18:55:49 | 000,625,738 | ---- | M] () -- C:\windows\SysNative\perfh01D.dat
[2012/05/07 18:55:49 | 000,132,322 | ---- | M] () -- C:\windows\SysNative\perfc01D.dat
[2012/05/07 18:55:49 | 000,114,970 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/30 18:43:33 | 000,000,486 | ---- | M] () -- C:\Users\Michael\Desktop\Patriots.website
[2012/04/30 07:52:21 | 000,002,693 | ---- | M] () -- C:\Users\Michael\Desktop\Microsoft Office Word 2007.lnk
[2012/04/29 16:59:00 | 000,000,102 | ---- | M] () -- C:\Users\Michael\jobq.dat
[2012/04/29 08:50:00 | 000,000,541 | ---- | M] () -- C:\Users\Michael\Desktop\$4 Prescription Program - Walmart.com.website
[2012/04/29 08:28:54 | 000,000,480 | ---- | M] () -- C:\Users\Michael\Desktop\New Hampshire Downloadable Books.website
[2012/04/17 15:03:39 | 000,000,528 | ---- | M] () -- C:\Users\Michael\Desktop\Convert text and ebooks to the MOBI format.website
[2012/04/11 16:30:43 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/04/30 09:06:21 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 07:52:21 | 000,002,693 | ---- | C] () -- C:\Users\Michael\Desktop\Microsoft Office Word 2007.lnk
[2012/04/11 17:02:30 | 000,000,528 | ---- | C] () -- C:\Users\Michael\Desktop\Convert text and ebooks to the MOBI format.website
[2012/04/11 16:30:43 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/14 09:26:15 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2011/12/03 13:01:08 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/10/21 13:16:20 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/08/23 10:18:54 | 000,611,840 | ---- | C] () -- C:\windows\SysWow64\DVD43.dll
[2011/07/20 17:06:52 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{A89913E6-4F95-478B-8CBD-D7C195FAE456}
[2011/07/20 17:06:51 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{09CEAEBF-157C-4BDA-AC14-DE9832C0FA10}
[2011/03/27 18:35:01 | 000,000,215 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/01/29 07:51:30 | 000,044,544 | ---- | C] () -- C:\windows\SysWow64\gif89.dll
[2011/01/09 20:04:24 | 000,000,035 | ---- | C] () -- C:\windows\EPART810.ini
[2010/12/23 17:42:44 | 000,000,007 | ---- | C] () -- C:\windows\SysWow64\mkghj.dll
[2010/11/30 13:31:28 | 000,014,848 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/23 02:02:01 | 000,000,026 | ---- | C] () -- C:\windows\Irremote.ini
[2010/10/22 04:12:08 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
[2010/10/22 02:54:03 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/10/20 10:05:19 | 000,190,976 | R--- | C] () -- C:\windows\SysWow64\Wgalogon.dll
[2010/10/04 13:43:40 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2010/10/04 13:43:40 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2010/10/04 13:43:40 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2010/10/04 13:43:40 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2010/10/04 13:43:40 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2010/10/04 13:43:40 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2010/10/04 13:43:40 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2010/10/04 13:43:40 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2010/10/04 13:43:40 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2010/10/04 13:43:40 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2010/10/04 13:43:40 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2010/10/04 13:43:40 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2010/10/04 13:43:40 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2010/10/04 13:43:40 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2010/10/04 13:43:40 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2010/10/04 13:43:40 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2010/06/18 08:18:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/06/18 08:16:27 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/02/10 14:23:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Amazon
[2011/11/20 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Awem
[2012/05/01 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BitTorrent
[2011/10/07 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cerasus.media
[2012/02/13 08:40:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DriverCure
[2011/09/06 22:17:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Epson
[2012/02/25 11:50:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FixCleaner
[2011/10/06 16:48:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\funkitron
[2012/02/12 16:51:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GoodSync
[2011/10/31 12:05:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hoyle FaceCreator
[2011/12/16 17:26:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/10/31 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iWin
[2011/12/05 13:36:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JLAdventCalendarClassic2011
[2011/07/25 16:29:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JTTSoft
[2011/07/18 08:06:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mjusbsp
[2011/10/04 10:13:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Movie Label
[2011/09/07 21:07:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Rovio
[2011/04/07 07:35:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Softinterface, Inc
[2012/05/06 13:35:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SolSuite
[2012/05/01 07:29:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Spam Monitor
[2012/02/13 08:40:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SpeedyPC Software
[2011/11/20 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SpinTop
[2011/11/20 12:56:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SpinTop Games
[2010/10/24 20:17:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/10 18:41:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SupportSoft
[2011/09/25 17:47:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer
[2012/05/01 07:05:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TestApp
[2012/02/16 09:48:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thunderbird
[2010/10/22 02:31:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Tific
[2010/10/28 08:22:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Toshiba
[2011/01/07 18:50:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TreeCardGames
[2011/02/07 10:11:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TuneUp Software
[2011/10/21 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Virtual Prophecy
[2010/10/19 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WeatherBug
[2012/02/16 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Webshots
[2011/01/16 09:42:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
[2010/10/15 17:47:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WildTangentv1002
[2010/10/22 02:13:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WinBatch
[2011/08/24 17:19:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
[2011/12/11 11:50:19 | 000,032,538 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:8668AB36
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:DA18FD1D
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:3BE2905A
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5A99DEB7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:74A872C7
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:30E53875
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8BD8CD95
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:699492AA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C22C13A5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2BDCFAD6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:538DC028
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:AC81F8AE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0CE0AE44
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:7C60A173
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:AA243C48
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:5D59B736
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:EB825D08
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:EA34E08F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:69DA000E

< End of report >




RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Michael [Admin rights]
Mode: Remove -- Date: 05/08/2012 06:38:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
--- User ---
[MBR] b1b8579e1bf6e99e0705c4ea7f0e4701
[BSP] 7b7aa0ddb414f5eb1163a02df522966a : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465126 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955652096 | Size: 10313 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#20
memmons9

    Member

  • Topic Starter
  • 94 posts
I noticed when I was looking at how task bar icons are displayed that there was a choice for B7E85B3E000CE037006584C7B4EB2331, a Smart Fortress file. I went to Folder C:\ProgramData\B7E85B3E000CE037006584C7B4EB2331 and manually deleted the folder. I hope this move was ok.

#21
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi memmons9. Your OTL fix worked except for deleting the folder that you deleted manually. Please verify that the folder is no longer there. Also please use your computer for at least a couple hours and verify there are no more malware symptoms. We are approaching completion. Then please do the following:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things to see in your next post:
MBAM log
verification folder is no longer present
computer status


#22
memmons9

    Member

  • Topic Starter
  • 94 posts
I checked to see that the folder in C:\Program Data that I manually deleted has not returned. Here is the MBAM report:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [administrator]

Protection: Disabled

5/8/2012 7:49:42 PM
mbam-log-2012-05-08 (19-49-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210377
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I have been using this laptop for the last couple days and there are no further indications of problems. I have shut the desktop down so it doesn't have a chance to corrupt this laptop through my home network. How should I ensure that corruption back into this computer doesn't happen when I start working on the desktop problems? Do you want to continue on this thread or start a new one?

#23
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Let's continue with this thread. I will consult a colleague to determine what needs to be done to prevent infection of the laptop by the desktop. I should have a response for you tomorrow around noon or so Pacific time since I already completed analysis of your OTL log.

#24
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hello memmons9. I finished looking at your desktop OTL log. It's a little dirty... We have a bunch of stuff to fix using OTL, an extras scan to run, a scan to do with RogueKiller, two files to upload to see if they're malicious or not, and we will try to run aswMBR after the OTL fix. Please do the following:

Step 1

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2012/05/07 16:28:26 | 000,479,232 | ---- | M] () -- C:\ProgramData\B7E85B32000083BB005E29D8B4EB2331\B7E85B32000083BB005E29D8B4EB2331.exe
    
    MOD - [2012/05/07 16:36:11 | 000,367,104 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\wsevig.dll
    MOD - [2012/05/07 16:28:26 | 000,479,232 | ---- | M] () -- C:\ProgramData\B7E85B32000083BB005E29D8B4EB2331\B7E85B32000083BB005E29D8B4EB2331.exe
    
    O3 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    
    O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [GrooveWorkspaceManagerApplication] C:\Users\User\AppData\Local\Groove\GrooveWorkspaceManagerApplication.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [pxfer] C:\Users\User\pxfer.exe ()
    O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [saprer] C:\Users\User\AppData\Local\Temp\saprer.dll (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [wsevig] C:\Users\User\AppData\Local\Temp\wsevig.dll ()
    
    O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\RunOnce: [B7E85B32000083BB005E29D8B4EB2331] C:\ProgramData\B7E85B32000083BB005E29D8B4EB2331\B7E85B32000083BB005E29D8B4EB2331.exe ()
    
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    
    O7 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    
    [2012/05/07 16:31:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
    [2012/05/07 16:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B32000083BB005E29D8B4EB2331
    [2012/05/07 16:28:20 | 000,035,808 | ---- | C] (Microsoft Corporation) -- C:\Users\User\1frp.exe
    
    [2012/05/07 16:39:55 | 000,000,134 | ---- | M] () -- C:\Users\User\Desktop\Smart Fortress 2012 Support Site.url
    [2012/05/07 16:31:13 | 000,001,090 | ---- | M] () -- C:\Users\User\Desktop\Smart Fortress 2012.lnk
    [2012/05/07 16:28:32 | 000,458,752 | RHS- | M] () -- C:\Users\User\pxfer.exe
    [2012/05/07 16:28:23 | 000,458,752 | ---- | M] () -- C:\Users\User\start1.exe
    [2012/05/07 16:28:21 | 000,175,104 | ---- | M] () -- C:\Users\User\zfrp.exe
    
    [2012/05/07 16:39:55 | 000,000,134 | ---- | C] () -- C:\Users\User\Desktop\Smart Fortress 2012 Support Site.url
    [2012/05/07 16:31:13 | 000,001,090 | ---- | C] () -- C:\Users\User\Desktop\Smart Fortress 2012.lnk
    [2012/05/07 16:28:32 | 000,458,752 | RHS- | C] () -- C:\Users\User\pxfer.exe
    [2012/05/07 16:28:23 | 000,458,752 | ---- | C] () -- C:\Users\User\start1.exe
    [2012/05/07 16:28:21 | 000,175,104 | ---- | C] () -- C:\Users\User\zfrp.exe
    [2012/01/02 16:14:08 | 000,010,596 | -HS- | C] () -- C:\Users\User\AppData\Local\00yc6o56sj7
    [2012/01/02 16:14:08 | 000,010,596 | -HS- | C] () -- C:\ProgramData\00yc6o56sj7
    
    [2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
  • Open OTL again
  • Select the Scan All Users box in the middle on the top of the window
  • Click the Quick Scan button. Post the log it produces in your next reply as well.

Step 2

  • Run OTL
  • Click the None button
  • Select the Use SafeList option in the Extra Registry section
  • Then click the Run Scan button at the top
  • Let the program run unhindered
  • Then post the produced log (Extras.txt in the same directory as OTL)

Step 3

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the contents of the notepad window into your next post

Step 4

There are several suspicious files on your machine that might or might not be malware. We will scan them to verify. Let me know if you have any trouble following these instructions. Please do the following:

  • Go to this site
  • Click the browse button on the top of the page
  • Navigate to this file C:\Windows\SysNative\drivers\KmxAgent.asc and click the open button
  • Click the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button
  • Once the Scan is completed, click on the Copy to Clipboard button at the bottom of the page. This will copy the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Now repeat the above instructions but this time for C:\Windows\LPRES.DLL

Step 5

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

  • Click the Scan button to start scan

  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL fix log
OTL.txt
extras log
RKreport[#].txt
virscan upload results
aswMBR log

  • 0
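The file entries in the fix script and in OTL's scan sections share one line layout: timestamp, size, attribute flags, created/modified marker, company name in parentheses, then the path. The following is an added example, not part of the original post and not OTL's own logic: it parses that layout and flags entries by three triage heuristics that are assumptions of this example (no company name, hidden or system attribute, executable sitting directly in a user profile root). The sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Lines copied from the OTL listings posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/05/09 16:15:42 | 000,253,952 | RHS- | M] () -- C:\Users\User\roiebe.exe
PRC - [2012/05/07 17:29:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
[2012/05/07 16:28:32 | 000,458,752 | RHS- | C] () -- C:\Users\User\pxfer.exe
[2012/05/07 16:28:23 | 000,458,752 | ---- | C] () -- C:\Users\User\start1.exe
[2012/05/07 16:28:21 | 000,175,104 | ---- | C] () -- C:\Users\User\zfrp.exe
[2012/01/02 16:14:08 | 000,010,596 | -HS- | C] () -- C:\Users\User\AppData\Local\00yc6o56sj7
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
"""

# Optional section prefix (PRC, MOD), then the bracketed metadata,
# the company name in parentheses, and the path after " -- ".
LINE_RE = re.compile(
    r"^(?:(?P<section>[A-Z]{3})(?::64bit:)? - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class Entry:
    section: Optional[str]
    timestamp: str
    size: int
    attrs: str
    company: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        section=m.group("section"),
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=m.group("company").strip(),
        path=m.group("path").strip(),
    )


def triage(entry: Entry) -> List[str]:
    """Apply this example's assumed heuristics and return the reasons that hit."""
    reasons = []
    if not entry.company:
        reasons.append("no company name in version info")
    if "H" in entry.attrs or "S" in entry.attrs:
        reasons.append("hidden or system attribute set")
    parts = PureWindowsPath(entry.path).parts
    in_profile_root = len(parts) == 4 and parts[1].lower() == "users"
    if in_profile_root and PureWindowsPath(entry.path).suffix.lower() == ".exe":
        reasons.append("executable directly in a user profile root")
    return reasons


def flagged(log_text: str, threshold: int = 2) -> List[Entry]:
    """Entries with at least `threshold` reasons, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and len(triage(entry)) >= threshold:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.path}  <- " + "; ".join(triage(e)))
```

A single reason, such as the missing company name on `zlib1.dll`, stays below the threshold, and a file that carries a vendor string, such as `C:\install.exe`, is not flagged at all, so the output is a shortlist for manual review rather than a verdict.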

#25
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,839 posts
Also make sure not to copy files between the computers as this could result in infection of the laptop. Otherwise the laptop should not be susceptible to reinfection.
  • 0



#26
memmons9


    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Just some observations:
Bootup was normal but the following message (same message has been popping up for several weeks) "User Account Control" message. "Do you want to allow the following program to make changes to this computer?"
Program Name: Adobe Flash Player
Verified Publisher: Adobe Systems Incorporated
File Origin: Hard Drive on this computer
Program Location: C:\Users\User\AppData\local\Temp\Inst.... (the rest is off the screen)

As always, I answered NO. The message disappears and immediately pops back up again. I ran your instructions with this message on the screen.

After I ran the OTL RunFix and reboot this message did not return to the screen.

I should also note that in Step 4 of your instructions to browse to C:\windows\SysNative\drivers\KmxAgent.asc. There is no such folder in windows "SysNative". This is strange because I definitely remember seeing "SysNative" during one of the OTL scans because it was displayed on the bottom of the screen for several seconds. The only folders that are close are System, System32 and SysWOW64.

The aswMBR scan failed again with the message "AVAST! Antirootkit stopped working". It did run 7 minutes this time (much shorter last time). The last line in the scan was "C:\windows\assembly\GAC_MSIL\microsoft.security.ApplicationID.Policyma.... (rest was off the screen). So there is no aswMBR scan log.

Here are the scan reports you requested:

VirSCAN.org Scanned Report :
Scanned time : 2012/05/09 17:04:26 (EDT)
Scanner results: Scanners did not find malware!
File Name : LPRES.DLL
File Size : 13312 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 32a40760e937613899c5ac6f714116d5
SHA1 : 51566055b15b6e0db8ff1b1ca589415b283fe41b
Online report : http://r.virscan.org...f6517e814d90755

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120509100118 2012-05-09 0.32 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.06 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.17 -
Arcavir 2011 201205081507 2012-05-08 4.37 -
Authentium 5.1.1 201205091321 2012-05-09 1.59 -
AVAST! 4.7.4 120509-0 2012-05-09 0.17 -
AVG 12.0.1782 2425/4987 2012-05-09 0.26 -
BitDefender 7.90123.7155731 7.42212 2012-05-09 3.72 -
ClamAV 0.97.3 14904 2012-05-09 0.17 -
Comodo 5.1 12265 2012-05-09 2.44 -
CP Secure 1.3.0.5 2012.05.10 2012-05-10 0.20 -
Dr.Web 7.0.1.2210 2012.05.09 2012-05-09 12.51 -
F-Prot 4.6.2.117 20120509 2012-05-09 0.86 -
F-Secure 7.02.73807 2012.05.09.07 2012-05-09 0.21 -
Fortinet 4.3.392 15.513 2012-05-08 0.38 -
GData 22.4904 20120509 2012-05-09 5.63 -
ViRobot 20120509 2012.05.09 2012-05-09 0.36 -
Ikarus T3.1.32.20.0 2012.05.09.81149 2012-05-09 5.60 -
JiangMin 13.0.900 2012.05.09 2012-05-09 2.23 -
Kaspersky 5.5.10 2012.05.09 2012-05-09 0.31 -
KingSoft 2009.2.5.15 2012.5.9.9 2012-05-09 0.87 -
McAfee 5400.1158 6706 2012-05-09 8.83 -
Microsoft 1.8304 2012.05.09 2012-05-09 4.78 -
NOD32 3.0.21 7124 2012-05-09 0.17 -
Panda 9.05.01 2012.05.09 2012-05-09 2.58 -
Trend Micro 9.500-1005 8.984.03 2012-05-09 0.19 -
Quick Heal 11.00 2012.05.08 2012-05-08 1.02 -
Rising 20.0 24.09.00.02 2012-05-07 1.23 -
Sophos 3.31.1 4.77 2012-05-10 4.46 -
Sunbelt 3.9.2536.2 11893 2012-05-08 0.90 -
Symantec 1.3.0.24 20120509.002 2012-05-09 0.52 -
nProtect 20120508.02 11256487 2012-05-08 1.22 -
The Hacker 6.8.0.0 v00004 2012-05-07 0.56 -
VBA32 3.12.16.4 20120508.1956 2012-05-08 3.40 -
VirusBuster 5.5.0.2 14.2.62.1/8699749 2012-05-09 0.17 -



OTL logfile created on: 5/9/2012 4:35:49 PM - Run 4
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 73.98% Memory free
15.98 Gb Paging File | 13.69 Gb Available in Paging File | 85.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.03 Gb Total Space | 818.79 Gb Free Space | 89.09% Space Free | Partition Type: NTFS
Drive D: | 12.39 Gb Total Space | 2.23 Gb Free Space | 18.03% Space Free | Partition Type: NTFS
Drive G: | 74.53 Gb Total Space | 43.50 Gb Free Space | 58.37% Space Free | Partition Type: NTFS
Drive N: | 298.09 Gb Total Space | 167.93 Gb Free Space | 56.34% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/09 16:15:42 | 000,253,952 | RHS- | M] () -- C:\Users\User\roiebe.exe
PRC - [2012/05/07 17:29:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/04/27 08:32:46 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/03 15:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/03/16 03:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 03:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 03:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 03:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/09/30 21:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2008/08/20 11:54:08 | 000,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
PRC - [2006/12/20 01:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe
PRC - [2005/07/25 17:04:18 | 000,303,104 | ---- | M] (Digital Networks North America, Inc.) -- C:\Windows\SysWOW64\RioMSC.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 16:15:42 | 000,253,952 | RHS- | M] () -- C:\Users\User\roiebe.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/06/03 15:43:14 | 001,703,936 | ---- | M] () -- C:\Users\User\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/06/03 15:34:18 | 003,764,224 | ---- | M] () -- C:\Users\User\AppData\Roaming\PictureMover\Bin\Core.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/08 01:51:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/30 21:27:16 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/27 08:32:47 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/30 21:27:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 03:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/09/30 21:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/20 01:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)
SRV - [2005/07/25 17:04:18 | 000,303,104 | ---- | M] (Digital Networks North America, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\RioMSC.exe -- (RioMSC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/08 02:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 02:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 01:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/21 00:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/09 07:54:42 | 000,337,744 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2010/03/22 14:58:42 | 000,108,024 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/31 07:10:58 | 000,237,936 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/14 12:46:46 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 10:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 19:12:38 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/05 06:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012/03/05 13:11:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\windrvNT.sys -- (windrvNT)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/27 09:45:15] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/13 18:48:54 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\User\Desktop\P2P\PeerGuardian2 x64\pgfilter.sys -- (pgfilter)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}
IE:64bit: - HKLM\..\SearchScopes\{D24BC710-27B9-46C9-A788-5DA92D416EC3}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}
IE - HKLM\..\SearchScopes\{D24BC710-27B9-46C9-A788-5DA92D416EC3}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\SearchScopes,DefaultScope = {DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\SearchScopes\{D24BC710-27B9-46C9-A788-5DA92D416EC3}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\SearchScopes\{DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.roadrunner.com/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.176.0
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\User\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/12/30 08:51:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/07/21 08:31:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 16:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 14:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 16:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 14:55:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User\AppData\Roaming\Move Networks [2010/12/13 10:19:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1E76F08F-9884-11E1-826E-B8AC6F996F26}: C:\Users\User\AppData\Local\{1E76F08F-9884-11E1-826E-B8AC6F996F26}\ [2012/05/07 16:36:12 | 000,000,000 | ---D | M]

[2010/01/10 13:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012/05/03 07:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vzz9p6ea.default\extensions
[2010/04/04 12:46:02 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vzz9p6ea.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010/03/27 09:59:15 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vzz9p6ea.default\extensions\[email protected]
[2012/01/03 10:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/31 22:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 14:47:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 08:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/01/03 10:50:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2012/05/07 16:36:12 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\USER\APPDATA\LOCAL\{1E76F08F-9884-11E1-826E-B8AC6F996F26}
[2012/01/03 10:50:03 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/05/09 16:23:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120427023918.dll (McAfee, Inc.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507124952.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files (x86)\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [cdloader] C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [EPSON Artisan 810 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S795.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [EPSON Artisan 810 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SD20E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [EPSON77F26B] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SDBFE.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [roiebe] C:\Users\User\roiebe.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B282681D-70A6-4A1B-86F9-4EF9EBCE7673}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{aaa668e5-3925-11e0-97e2-0026554841c7}\Shell - "" = AutoRun
O33 - MountPoints2\{aaa668e5-3925-11e0-97e2-0026554841c7}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 16:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/09 16:23:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/09 16:15:15 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Malware Fix 5-9-12
[2012/05/07 17:29:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/05/07 16:43:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Malware Apps
[2012/05/07 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1E76F08F-9884-11E1-826E-B8AC6F996F26}
[2012/05/07 16:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B32000083BB005E29D8B4EB2331
[2012/05/07 16:28:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Groove
[2012/05/05 10:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/05 09:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/05 09:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/23 11:30:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{68D9077B-4DED-444D-A233-39D686427D49}
[2012/04/23 11:29:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{024CABDE-724E-446D-9C28-A437CF23C214}

========== Files - Modified Within 30 Days ==========

[2012/05/09 16:38:47 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 16:38:47 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 16:35:47 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/05/09 16:33:20 | 000,040,960 | ---- | M] () -- C:\Users\User\toopul.com
[2012/05/09 16:29:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/09 16:29:22 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/09 16:28:33 | 000,313,108 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2012/05/09 16:28:33 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2012/05/09 16:28:33 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2012/05/09 16:28:33 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2012/05/09 16:28:33 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2012/05/09 16:28:33 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2012/05/09 16:28:33 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2012/05/09 16:28:33 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2012/05/09 16:28:33 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2012/05/09 16:28:33 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2012/05/09 16:28:33 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2012/05/09 16:28:33 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2012/05/09 16:28:33 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2012/05/09 16:28:33 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2012/05/09 16:28:33 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2012/05/09 16:28:33 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2012/05/09 16:28:33 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2012/05/09 16:23:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/09 16:15:42 | 000,253,952 | RHS- | M] () -- C:\Users\User\roiebe.exe
[2012/05/09 16:15:37 | 000,175,104 | ---- | M] () -- C:\Users\User\zwvh.exe
[2012/05/09 16:15:35 | 000,041,952 | ---- | M] () -- C:\Users\User\1wvh.exe
[2012/05/09 16:15:33 | 000,040,960 | ---- | M] () -- C:\Users\User\nqu.com
[2012/05/07 18:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/07 17:29:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/05/07 16:30:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012/05/07 12:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/05/05 16:55:49 | 010,893,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/05 16:55:49 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/05/05 16:55:49 | 000,699,346 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/05/05 16:55:49 | 000,697,880 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012/05/05 16:55:49 | 000,697,262 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/05/05 16:55:49 | 000,687,496 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/05/05 16:55:49 | 000,684,112 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012/05/05 16:55:49 | 000,671,958 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/05/05 16:55:49 | 000,640,334 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012/05/05 16:55:49 | 000,631,298 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012/05/05 16:55:49 | 000,625,722 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012/05/05 16:55:49 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/05 16:55:49 | 000,559,924 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/05/05 16:55:49 | 000,470,326 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/05/05 16:55:49 | 000,456,740 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2012/05/05 16:55:49 | 000,407,890 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2012/05/05 16:55:49 | 000,148,460 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012/05/05 16:55:49 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/05/05 16:55:49 | 000,134,990 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012/05/05 16:55:49 | 000,133,902 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/05/05 16:55:49 | 000,133,090 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/05/05 16:55:49 | 000,132,666 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012/05/05 16:55:49 | 000,128,244 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/05/05 16:55:49 | 000,127,294 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/05/05 16:55:49 | 000,123,890 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012/05/05 16:55:49 | 000,121,938 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012/05/05 16:55:49 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/05 16:55:49 | 000,104,826 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2012/05/05 16:55:49 | 000,089,586 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/05/05 16:55:49 | 000,079,954 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/05/05 16:55:49 | 000,077,246 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2012/05/05 10:34:49 | 000,000,102 | ---- | M] () -- C:\Users\User\jobq.dat
[2012/05/05 10:24:59 | 000,000,994 | ---- | M] () -- C:\Users\User\Desktop\magicJack.lnk
[2012/05/05 10:00:06 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 16:03:12 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/04/27 08:33:47 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/23 11:44:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/04/17 13:20:26 | 000,009,648 | ---- | M] () -- C:\Users\User\t26489o4c9s.jpg
[2012/04/10 08:32:20 | 001,198,657 | ---- | M] () -- C:\Users\User\Desktop\Motorola S9_BT_Headphones.pdf

========== Files Created - No Company Name ==========

[2012/05/09 16:33:20 | 000,040,960 | ---- | C] () -- C:\Users\User\toopul.com
[2012/05/09 16:15:42 | 000,253,952 | RHS- | C] () -- C:\Users\User\roiebe.exe
[2012/05/09 16:15:37 | 000,175,104 | ---- | C] () -- C:\Users\User\zwvh.exe
[2012/05/09 16:15:35 | 000,041,952 | ---- | C] () -- C:\Users\User\1wvh.exe
[2012/05/09 16:15:33 | 000,040,960 | ---- | C] () -- C:\Users\User\nqu.com
[2012/05/05 10:00:06 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/27 08:32:48 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 14:29:08 | 000,009,648 | ---- | C] () -- C:\Users\User\t26489o4c9s.jpg
[2012/04/10 08:32:20 | 001,198,657 | ---- | C] () -- C:\Users\User\Desktop\Motorola S9_BT_Headphones.pdf
[2012/01/07 21:37:27 | 000,001,854 | ---- | C] () -- C:\Users\User\AppData\Roaming\GhostObjGAFix.xml
[2011/07/21 12:50:14 | 002,347,760 | ---- | C] () -- C:\Windows\SysWow64\mdmcls32.exe
[2011/07/21 12:50:14 | 001,377,008 | ---- | C] () -- C:\Windows\SysWow64\svcprs32.exe
[2011/07/04 08:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2011/04/03 14:48:42 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\mkghj.dll
[2011/03/25 19:19:39 | 000,000,082 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2010/10/24 10:47:40 | 002,318,416 | ---- | C] () -- C:\Users\User\AppData\Local\tmpDSCF1562.0
[2010/10/24 10:47:40 | 001,112,770 | ---- | C] () -- C:\Users\User\AppData\Local\tmpDSCF1562.JPG
[2010/09/16 10:09:52 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/04/02 19:36:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.oit
[2011/05/06 09:06:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2011/04/01 15:05:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Auslogics
[2011/11/23 15:21:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Awem
[2011/12/20 11:12:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2011/01/12 04:19:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CallingID
[2009/12/30 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.ExMan
[2009/12/30 22:06:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/29 13:57:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Epson
[2012/01/03 14:38:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FixCleaner
[2010/01/09 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\jp.co.planex.NetworkManager.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1
[2011/02/19 18:16:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\magicJackOutlookAddIn
[2012/05/05 10:25:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mjusbsp
[2010/10/10 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2010/09/16 14:15:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2009/12/28 15:09:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PictureMover
[2010/04/04 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Recordpad
[2011/07/26 09:17:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SupportSoft
[2009/12/30 22:18:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WildTangent
[2010/01/08 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch
[2012/05/07 12:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\FixCleaner Scan.job
[2012/04/30 16:03:12 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/07/05 12:31:08 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 5/9/2012 4:44:46 PM - Run 5
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.39% Memory free
15.98 Gb Paging File | 13.68 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.03 Gb Total Space | 818.79 Gb Free Space | 89.09% Space Free | Partition Type: NTFS
Drive D: | 12.39 Gb Total Space | 2.23 Gb Free Space | 18.03% Space Free | Partition Type: NTFS
Drive G: | 74.53 Gb Total Space | 43.50 Gb Free Space | 58.37% Space Free | Partition Type: NTFS
Drive N: | 298.09 Gb Total Space | 167.93 Gb Free Space | 56.34% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- L:\Folder Lock\Folder Lock.exe %1
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- L:\Folder Lock\Folder Lock.exe %1
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08589522-53FC-4942-965A-E6838B7D61ED}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E452469-DC35-403E-BC8E-2A6ED8DCDEFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{160D1B39-9970-4730-A2C5-137DE9155E04}" = lport=139 | protocol=6 | dir=in | app=system |
"{1D54D920-C45C-40BD-A921-199D7B9664BB}" = rport=138 | protocol=17 | dir=out | app=system |
"{2D3F7DA5-123B-4FAE-B26A-70DE9209F502}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FDAAE89-FDCA-4710-92C1-61A1789A7196}" = rport=137 | protocol=17 | dir=out | app=system |
"{3D4136E4-F376-41AA-A6C3-C5BF602ACBDD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E03B623-449D-4F92-8C32-3E76BEDC6493}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69EAC56D-5A65-4607-B05E-B8C96FBC8563}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B6318D7-AA0E-4C3F-8CBD-D8FF78CFC8E5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{78F02F0D-C8AF-40A1-91B7-824B64B83A17}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A25963C-DECA-438A-A8D2-E2BE73E4BB53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8251796C-86CE-41AF-9EF8-57CC04F8F89B}" = lport=137 | protocol=17 | dir=in | app=system |
"{82AF75E5-82F0-4782-8767-4CBFBF9E9CD2}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F50AE01-7D8B-4800-B60D-40BE9F3D1C23}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AD8A8435-6507-4866-8241-0D26A6077AE5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B03CECA7-385A-4AB0-8B2C-3780911E590C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B094655E-D65D-450C-83D6-2C3FFAFCFEA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B1228308-56E9-47DB-BF86-ECAD51EB31F7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B91BE242-83D0-4553-9D27-EC8A26ABE8EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BDF1489D-F476-40C6-BC8D-DED347BE3CA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C28A4DB6-8802-4D65-AD4F-5C8A8D80BBFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3A228A3-9275-48F7-8CB6-CE0CD5CBC695}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CBCF58B2-C3ED-40EA-B22D-87768B88DCED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCE794AF-B70A-435B-B80B-55DA84D65565}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D038A22F-E961-4EFF-B190-E8910F2945A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF9E95C0-279C-4D7E-B119-9AB485DED0EE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F44A0A9D-DEEF-4DBF-944E-448E8D21233F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6D409CA-B5C1-4740-9093-5D8FD58F9FA8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA206D25-2241-4167-8B83-72353524868B}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073DF15E-089D-4ED3-9EE0-B66B957C67D8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{088B6AFF-C9C0-4E10-9D9A-C45F30D3795C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A6D35F4-A3B2-4680-967C-78E5C9BEB115}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{0C858BB0-A3B8-40EE-A078-5E878D588D43}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0E055F5C-DB6A-47E2-BEFC-1B8FAADF5C1F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{1AF9B073-1D55-43A8-BD50-B8066B7577B7}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{20B0A483-C6C6-4248-8725-68D68EFDB42A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{24162AA0-739A-4300-9820-DD98040CEEC1}" = protocol=58 | dir=in | [email protected],-28545 |
"{29D4BE8B-F787-4804-8DD3-C872A143797D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2BDFAF6C-1062-4B34-9E27-32F313524334}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2E204199-2264-4585-993F-4CDC434D01EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E28A962-7035-47D4-ACC5-693764B15640}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2E38D7F7-3054-4D6C-A827-71BA78051C34}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{3A6F6B8E-404A-4F9E-A8CB-1F4C044EB07E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{3E5CB39E-13F6-4561-9AEF-90AA17700C47}" = protocol=1 | dir=in | [email protected],-28543 |
"{4463C5A6-70D4-41A4-AD1A-59D8EF35CCC0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{44FF7FD0-2497-4F6D-87E2-BD354A72486D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{451799D5-AEB5-4637-9E5B-1203E873B345}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{49340559-8B4B-4C87-9990-19BDFF20C917}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{4ACD152C-3A45-48B9-BDA1-5E5BD1083F4F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{4BC736FA-3779-4937-9DB9-A6C61341C08F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C237308-6EA7-498D-BF84-1BD420BA9567}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52C96690-99A7-4AFF-9E3B-93CC9B38E738}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{53A19607-4D09-4E78-AD61-2F9242210606}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{53D84CB0-30C6-4E62-A9CD-DFDE695AE12F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5BC8DCAC-30C9-4AB2-8B00-DD77C12E233A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{5BE3B598-D201-4CFB-9CC6-BD90BA51A208}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{5C06DF1F-02E2-40F8-8BA7-AA8DAB06D568}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqsudi.exe |
"{5D1640B6-248F-4D6F-B6EC-FBB73DB12B6A}" = protocol=58 | dir=in | app=system |
"{5F3B02F9-9EEB-41CC-A925-F7734F63540C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{601985CB-1933-44F2-9468-F23BB7F6CB77}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6086425E-BB7D-4A35-9AD8-8B37DBBA1A0E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{622805CD-F3FF-4C27-8075-2ECE7FB77DCA}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqpse.exe |
"{7000FCE8-D6B5-410E-B30E-F999C919BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{70AB67D1-CF8B-46B8-9823-8FA78F607165}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{7B653E06-4B40-4A6F-9728-0D78C030FBA8}" = protocol=1 | dir=out | [email protected],-28544 |
"{80A809CC-7473-485B-B98F-852D3C5DD695}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8775E770-4CBF-4FB3-B1EC-230F54441743}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{8DE5D9A4-6A35-468B-96D7-C21C0B0EA894}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{973DF43E-10F6-4350-AE98-7CC4ED21F20F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{980C75D3-4436-4404-B337-D0A3EBD020DA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{98F8381B-856F-4CC6-A472-DC519E6119BE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{9FD0C8D3-B145-4A13-9411-DBC2DB3CC883}" = protocol=58 | dir=out | [email protected],-503 |
"{9FF7F923-2EE2-47E7-81D7-22A320E5B0C3}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
"{A4C65F00-A008-4A16-BEE9-22081E9F0E2C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{A5A5803E-CC58-4158-B3F3-2FE5F3D995F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A9BD3CDE-9FBD-4887-8ADC-38704F20B097}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AAA618B6-E2BE-4680-A60B-94CA52933FED}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{AEDBCFCC-342B-4A7B-BED9-871172CB22AE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{BB4E8694-BD9A-4F43-AA31-16F9ADEAF8B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BCA1B5C6-8DA5-4D64-BC74-223B77CDE8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{C02CF382-6F6C-49D4-81A3-55DACDC1E362}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2EB7E36-43EB-42BE-A1D0-B123E556E892}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C8050C21-674E-4588-98C9-1EEB739A1EB3}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{D021D08D-AC8A-4D35-9FED-CC21CC1F30EC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{DBF335B8-ED8F-47A5-BBCD-5EB51D038136}" = protocol=58 | dir=out | [email protected],-28546 |
"{ED0C2403-E159-4C92-897F-13D8AD6015E7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{EF5FD12C-A61A-47DE-8263-F8AA2A987C62}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{F0EBA277-5E24-4827-9E23-19CD91AC2E40}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F48CC6BD-3C2D-40BE-8E0A-B8032B974DA6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{F5F90CE5-9931-406D-BA9D-90660B09C77D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F646CA01-4E5C-4AE0-88F3-ED5A6900DE44}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F95C0331-AC79-4411-B960-0656A00DD6D4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{FA17111F-1B4A-44F2-BB9B-068D850951C2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FA87BD28-7B5A-451C-ABEE-C3A3D3BEE364}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{0450B394-BF8C-4C42-BA43-D765B5A4BE96}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{278794C2-85FE-48F6-B7B1-2739B7740750}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{AF794E2A-C689-4BD4-A9D2-84AB7ACEC342}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{CFA5331C-2624-40C3-A5D5-4F91FC966D66}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{4D46003F-754B-412A-BE87-DB2D36E9C4FC}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{7C1C8225-74F6-4D81-863E-CF7AEB6EAC37}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{7CEC2E5E-1F42-4082-AC2F-370474B13D75}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{F38202EB-11F5-4284-8572-CBDC8D0E76DF}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6B0BED25-F79E-4FD2-ADEE-3746B61784E2}" = CA Personal Firewall
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5CF5995-5E0B-967D-3FC5-325089795937}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9F4430E-80DE-EC0F-BF8E-476352C8F954}" = ATI Catalyst Install Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09F46E3D-EAFB-9390-B6D9-F6DAA73B3ECB}" = CCC Help Finnish
"{0A172278-5048-3BDA-D318-974ED0AA0B95}" = CCC Help Greek
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2536F0-8E7A-340F-9031-1AA60BEFBFD8}" = Catalyst Control Center Graphics Full Existing
"{0D526570-6B8F-3CE9-04DB-16FD2E68FCBE}" = CCC Help Danish
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E6CE44A-EE07-1C20-72C8-9A24CA2ED2CB}" = Catalyst Control Center HydraVision Full
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{113F4E2E-416A-33BD-D2A6-39C58AB6ACAC}" = CCC Help Korean
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.7
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1688104B-0261-42FC-D796-CB97EA5159A4}" = CCC Help Thai
"{16976C6C-F8D5-4317-9DE8-1F6352B66725}" = RAW Image Task
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18812D65-95DB-5482-4CAC-3B3B5E5446B0}" = CCC Help Italian
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D5B3A03-17FD-EC8F-755B-6164ABFF450A}" = CCC Help Turkish
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223CCCD3-2217-9AA1-98F0-2879733549D0}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{282EF7E3-AE54-48AE-A11D-27F512F23AB3}" = Rio Music Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35AD3FC5-D09D-4D9F-8E9C-E40794194EC5}" = Netflix Movie Viewer
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{394F1B21-1FA4-DDE1-C00B-0A3EEA1A94D1}" = ccc-core-static
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40965CEA-43EE-B8D7-09AB-705B5E2A2521}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4680D4CC-5220-6AAF-54D3-C1E75C90A69A}" = CCC Help German
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}" = Rio Internet Update
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F11AE1B-452A-2A9B-250D-EDB725E39199}" = CCC Help Russian
"{4F9B4C70-F223-B34B-C7D3-55FC1D2BAD2E}" = CCC Help Chinese Standard
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5906DAFF-9370-2B54-D483-343ABB9BE748}" = Catalyst Control Center Graphics Light
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{659F8F13-E8C5-C4B8-85E7-1D3912C06929}" = Catalyst Control Center Localization All
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C6B8B89-AC64-4B04-DBE1-992B80C83F1A}" = CCC Help Japanese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
"{757E0E87-8F54-46FD-BA00-54CCF341F4A9}" = ArcSoft Print Creations
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B9D9DC4-EDB9-3181-4D1B-E47C34609E0C}" = CCC Help Portuguese
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{821DC151-4691-4E26-AE7E-522921D0FD54}" = RemoteCapture Task
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8966B8B5-D87A-E689-B370-E79B7691299C}" = Catalyst Control Center Core Implementation
"{89EA759B-B9C8-6CB5-6BF2-248961E68809}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931E11B0-1ACE-438D-90AF-E5D8C64880EF}" = Catalyst Control Center - Branding
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C23A506-3E8B-B91C-4F9B-040518EC792D}" = CCC Help Norwegian
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D54290B-CD49-4B36-2EF2-7597FD0D683F}" = CCC Help Swedish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6F42664-73EC-25B0-F3A9-D8CCE53CFB25}" = Catalyst Control Center Graphics Previews Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C0BB1A-1546-44D6-1BE0-FB0F84364787}" = HydraVision
"{A85C1D92-EC20-49C6-9534-4570428A0128}" = PLANEX Network Manager
"{A8C3083C-A1C1-4248-B0E2-14A7D9F2E9EF}" = BCL easyConverter SDK 1.0.0 Module
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA057BF7-EE60-4063-A52D-39B9FD8BC1C7}" = FixCleaner
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B07E4A53-C39E-9BEB-9716-1953F0EE2953}" = CCC Help French
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B439A476-119C-13A9-6FB8-B2B2D566CF63}" = CCC Help Spanish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54BBB47-5D1A-5C82-614E-0D75C1AD92B5}" = Catalyst Control Center Graphics Previews Vista
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C725937A-C6B3-0D07-A765-029FB1FD66B6}" = CCC Help Chinese Traditional
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D228187B-0D49-44C6-DEA8-64F180D14DB9}" = CCC Help Polish
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D74B4F5A-28CB-33E4-AFC2-412B8227C582}" = CCC Help Dutch
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Camera Window
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F5492B8D-B6DB-C3D2-8309-1B6A766CAF85}" = Catalyst Control Center Graphics Full New
"{F5F38D48-5AF3-EEEC-7E0C-25D516D1DC74}" = CCC Help Czech
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"0591-8077-9297-0833" = FamilySearch Indexing 3.12.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AI RoboForm" = AI RoboForm (All Users)
"BBrk_is1" = BrainsBreaker 4.10(109)
"BitTorrent" = BitTorrent
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Family Tree Maker 2011" = Family Tree Maker 2011
"Folder Lock" = Folder Lock
"HP Remote Solution" = HP Remote Solution
"InstallShield_{16976C6C-F8D5-4317-9DE8-1F6352B66725}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{821DC151-4691-4E26-AE7E-522921D0FD54}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{A85C1D92-EC20-49C6-9534-4570428A0128}" = PLANEX Network Manager
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Canon Camera Window for ZoomBrowser EX
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Microsoft Picture It!" = Microsoft Picture It! 99
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSC" = McAfee AntiVirus Plus
"Network MagicUninstall" = Network Magic
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"magicJack" = magicJack
"magicJack Outlook Add-In" = magicJack Outlook Add-In 1.0.3.521
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2012 3:05:48 AM | Computer Name = Desktop-PC | Source = MsiInstaller | ID = 11406
Description =

Error - 5/7/2012 3:06:16 AM | Computer Name = Desktop-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 5/7/2012 4:28:26 PM | Computer Name = Desktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x028652ae Faulting process id:
0x1818 Faulting application start time: 0x01cd2c8fc6c38678 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 325d6bd9-9883-11e1-b1ea-0026554841c7

Error - 5/7/2012 4:28:26 PM | Computer Name = Desktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x028652ae Faulting process id:
0x1b88 Faulting application start time: 0x01cd2c8f4dc4b8d1 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 325d44c9-9883-11e1-b1ea-0026554841c7

Error - 5/7/2012 5:19:11 PM | Computer Name = Desktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
0x1398 Faulting application start time: 0x01cd2c96725ce970 Faulting application path:
C:\Users\User\Desktop\aswMBR\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 4999987f-988a-11e1-bd65-0026554841c7

Error - 5/7/2012 5:25:03 PM | Computer Name = Desktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
0x4c8 Faulting application start time: 0x01cd2c977aa6fd29 Faulting application path:
C:\Users\User\Desktop\aswMBR\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 1b5825ba-988b-11e1-bd65-0026554841c7

Error - 5/7/2012 5:50:40 PM | Computer Name = Desktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
0x13bc Faulting application start time: 0x01cd2c9a6b2b4794 Faulting application path:
C:\Users\User\Desktop\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: af77d7b6-988e-11e1-bd65-0026554841c7

Error - 5/7/2012 5:59:14 PM | Computer Name = Desktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
0xd5c Faulting application start time: 0x01cd2c9c04eee855 Faulting application path:
C:\Users\User\Desktop\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: e1d50e8f-988f-11e1-bd65-0026554841c7

Error - 5/9/2012 4:23:56 PM | Computer Name = Desktop-PC | Source = MsiInstaller | ID = 11406
Description =

Error - 5/9/2012 4:24:23 PM | Computer Name = Desktop-PC | Source = MsiInstaller | ID = 1024
Description =

[ Hewlett-Packard Events ]
Error - 7/14/2010 3:55:53 PM | Computer Name = User-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 10/13/2010 3:06:34 PM | Computer Name = User-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 1/12/2011 8:07:10 AM | Computer Name = User-PC | Source = Hewlett-Packard | ID = 0
Description = en-US The request is not supported. (Exception from HRESULT: 0x80070032)
interop.Scheduler

at interop.Scheduler.ITaskFolder.CreateFolder(String subFolderName, Object sddl)

at HPHC_Vista_Service.Scheduler.Scheduler.a(Boolean A_0, String A_1, String A_2,
String A_3, Int16 A_4, _TASK_TRIGGER_TYPE2 A_5, String A_6, String A_7)

Error - 2/26/2011 9:03:40 PM | Computer Name = Desktop-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021126080332.xml
File not created by asset agent

Error - 1/7/2012 9:37:26 PM | Computer Name = Desktop-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011207083718.xml
File not created by asset agent

Error - 1/25/2012 2:10:12 AM | Computer Name = Desktop-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011225011009.xml
File not created by asset agent

Error - 1/28/2012 9:08:58 PM | Computer Name = Desktop-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011228080850.xml
File not created by asset agent

Error - 2/11/2012 9:27:53 PM | Computer Name = Desktop-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021211082740.xml
File not created by asset agent

[ Media Center Events ]
Error - 4/4/2011 12:56:11 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 12:56:06 AM - Error connecting to the internet. 12:56:06 AM - Unable
to contact server..

Error - 4/4/2011 1:56:18 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 1:56:18 AM - Error connecting to the internet. 1:56:18 AM - Unable
to contact server..

Error - 4/4/2011 1:56:28 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 1:56:24 AM - Error connecting to the internet. 1:56:24 AM - Unable
to contact server..

Error - 4/4/2011 2:56:35 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 2:56:35 AM - Error connecting to the internet. 2:56:35 AM - Unable
to contact server..

Error - 4/4/2011 2:56:45 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 2:56:40 AM - Error connecting to the internet. 2:56:40 AM - Unable
to contact server..

Error - 4/14/2011 11:49:01 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 11:48:57 AM - Error connecting to the internet. 11:48:57 AM - Unable
to contact server..

Error - 6/13/2011 8:46:35 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 8:46:34 AM - Error connecting to the internet. 8:46:34 AM - Unable
to contact server..

Error - 6/13/2011 8:46:53 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 8:46:40 AM - Error connecting to the internet. 8:46:40 AM - Unable
to contact server..

Error - 6/20/2011 11:40:26 AM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 11:40:22 AM - Error connecting to the internet. 11:40:22 AM - Unable
to contact server..

Error - 6/21/2011 11:44:42 PM | Computer Name = Desktop-PC | Source = MCUpdate | ID = 0
Description = 11:44:42 PM - Error connecting to the internet. 11:44:42 PM - Unable
to contact server..

[ System Events ]
Error - 5/9/2012 4:14:09 PM | Computer Name = Desktop-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/9/2012 4:15:20 PM | Computer Name = Desktop-PC | Source = Service Control Manager | ID = 7022
Description = The Function Discovery Resource Publication service hung on starting.

Error - 5/9/2012 4:15:20 PM | Computer Name = Desktop-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%1070

Error - 5/9/2012 4:17:28 PM | Computer Name = Desktop-PC | Source = DCOM | ID = 10010
Description =

Error - 5/9/2012 4:23:38 PM | Computer Name = Desktop-PC | Source = Service Control Manager | ID = 7034
Description = The ArcSoft Connect Daemon service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/9/2012 4:24:32 PM | Computer Name = Desktop-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 3 (SP3).

Error - 5/9/2012 4:29:50 PM | Computer Name = Desktop-PC | Source = Service Control Manager | ID = 7000
Description = The HIPS Configuration Interpreter service failed to start due to
the following error: %%3

Error - 5/9/2012 4:29:50 PM | Computer Name = Desktop-PC | Source = Service Control Manager | ID = 7001
Description = The HIPS Policy Manager service depends on the HIPS Configuration
Interpreter service which failed to start because of the following error: %%3

Error - 5/9/2012 4:29:50 PM | Computer Name = Desktop-PC | Source = Service Control Manager | ID = 7001
Description = The HIPS Event Manager service depends on the HIPS Policy Manager
service which failed to start because of the following error: %%1068

Error - 5/9/2012 4:29:53 PM | Computer Name = Desktop-PC | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2


< End of report >



RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date: 05/09/2012 16:52:36

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] roiebe.exe -- C:\Users\User\roiebe.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKCU\[...]\Run : roiebe (C:\Users\User\roiebe.exe /s) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2928314340-2203961652-2503396949-1000[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2928314340-2203961652-2503396949-1000[...]\Run : roiebe (C:\Users\User\roiebe.exe /s) -> FOUND
[SUSP PATH] {153A4067-B050-4B39-889F-A4AF4F10A5B8}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
[SUSP PATH] {9640AAD2-1B4C-4034-9D82-2B76E6A7EE29}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65L5B1 SCSI Disk Device +++++
--- User ---
[MBR] 303ed71eee0d7ae975f7e74e8e271a2e
[BSP] 7fb410dcbb6e17d018eb4184d34e3319 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941083 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927544832 | Size: 12684 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HTS541680J9SA00 USB Device +++++
--- User ---
[MBR] 34158c333ff781c6dc17b6ea0232ae1a
[BSP] 3ed1be630cf041f7a6313e401b9d17f2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Hitachi VFD200R21K1BMC USB Device +++++
--- User ---
[MBR] f75625424c2a38ead19b49ce26a97cc9
[BSP] bd58fecbabc910fe0b85f76954d1ac59 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



VirSCAN.org Scanned Report :
Scanned time : 2012/05/09 17:04:26 (EDT)
Scanner results: Scanners did not find malware!
File Name : LPRES.DLL
File Size : 13312 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 32a40760e937613899c5ac6f714116d5
SHA1 : 51566055b15b6e0db8ff1b1ca589415b283fe41b
Online report : http://r.virscan.org...f6517e814d90755

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120509100118 2012-05-09 0.32 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.06 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.17 -
Arcavir 2011 201205081507 2012-05-08 4.37 -
Authentium 5.1.1 201205091321 2012-05-09 1.59 -
AVAST! 4.7.4 120509-0 2012-05-09 0.17 -
AVG 12.0.1782 2425/4987 2012-05-09 0.26 -
BitDefender 7.90123.7155731 7.42212 2012-05-09 3.72 -
ClamAV 0.97.3 14904 2012-05-09 0.17 -
Comodo 5.1 12265 2012-05-09 2.44 -
CP Secure 1.3.0.5 2012.05.10 2012-05-10 0.20 -
Dr.Web 7.0.1.2210 2012.05.09 2012-05-09 12.51 -
F-Prot 4.6.2.117 20120509 2012-05-09 0.86 -
F-Secure 7.02.73807 2012.05.09.07 2012-05-09 0.21 -
Fortinet 4.3.392 15.513 2012-05-08 0.38 -
GData 22.4904 20120509 2012-05-09 5.63 -
ViRobot 20120509 2012.05.09 2012-05-09 0.36 -
Ikarus T3.1.32.20.0 2012.05.09.81149 2012-05-09 5.60 -
JiangMin 13.0.900 2012.05.09 2012-05-09 2.23 -
Kaspersky 5.5.10 2012.05.09 2012-05-09 0.31 -
KingSoft 2009.2.5.15 2012.5.9.9 2012-05-09 0.87 -
McAfee 5400.1158 6706 2012-05-09 8.83 -
Microsoft 1.8304 2012.05.09 2012-05-09 4.78 -
NOD32 3.0.21 7124 2012-05-09 0.17 -
Panda 9.05.01 2012.05.09 2012-05-09 2.58 -
Trend Micro 9.500-1005 8.984.03 2012-05-09 0.19 -
Quick Heal 11.00 2012.05.08 2012-05-08 1.02 -
Rising 20.0 24.09.00.02 2012-05-07 1.23 -
Sophos 3.31.1 4.77 2012-05-10 4.46 -
Sunbelt 3.9.2536.2 11893 2012-05-08 0.90 -
Symantec 1.3.0.24 20120509.002 2012-05-09 0.52 -
nProtect 20120508.02 11256487 2012-05-08 1.22 -
The Hacker 6.8.0.0 v00004 2012-05-07 0.56 -
VBA32 3.12.16.4 20120508.1956 2012-05-08 3.40 -
VirusBuster 5.5.0.2 14.2.62.1/8699749 2012-05-09 0.17 -
  • 0

#27
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Don't forget the OTL fix log... it will be in C:\_OTL\MovedFiles with a filename beginning with the date
  • 0

#28
memmons9

memmons9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I was certain that I had included that but here it is:


All processes killed
========== OTL ==========
No active process named B7E85B32000083BB005E29D8B4EB2331.exe was found!
Registry value HKEY_USERS\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveWorkspaceManagerApplication deleted successfully.
C:\Users\User\AppData\Local\Groove\GrooveWorkspaceManagerApplication.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pxfer not found.
File C:\Users\User\pxfer.exe not found.
Registry value HKEY_USERS\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Run\\saprer deleted successfully.
C:\Users\User\AppData\Local\Temp\saprer.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wsevig deleted successfully.
C:\Users\User\AppData\Local\Temp\wsevig.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B7E85B32000083BB005E29D8B4EB2331 deleted successfully.
C:\ProgramData\B7E85B32000083BB005E29D8B4EB2331\B7E85B32000083BB005E29D8B4EB2331.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThumbnailCache deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012 folder moved successfully.
Folder C:\ProgramData\B7E85B32000083BB005E29D8B4EB2331\ not found.
C:\Users\User\1frp.exe moved successfully.
C:\Users\User\Desktop\Smart Fortress 2012 Support Site.url moved successfully.
C:\Users\User\Desktop\Smart Fortress 2012.lnk moved successfully.
File C:\Users\User\pxfer.exe not found.
C:\Users\User\start1.exe moved successfully.
C:\Users\User\zfrp.exe moved successfully.
File C:\Users\User\Desktop\Smart Fortress 2012 Support Site.url not found.
File C:\Users\User\Desktop\Smart Fortress 2012.lnk not found.
File C:\Users\User\pxfer.exe not found.
File C:\Users\User\start1.exe not found.
File C:\Users\User\zfrp.exe not found.
C:\Users\User\AppData\Local\00yc6o56sj7 moved successfully.
C:\ProgramData\00yc6o56sj7 moved successfully.
C:\install.exe moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: User
->Temp folder emptied: 7993702 bytes
->Temporary Internet Files folder emptied: 14078857 bytes
->Java cache emptied: 319529 bytes
->FireFox cache emptied: 51050955 bytes
->Flash cache emptied: 790 bytes

User: Vista_Laptop

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77513 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 9372179922 bytes

Total Files Cleaned = 9,008.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05092012_162338

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQ2C6QRJ\page__pid__2154929__st__15[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGOM7AKQ\fastbutton[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\hsperfdata_DESKTOP-PC$\1444 not found!

Registry entries deleted on Reboot...
  • 0

#29
memmons9

memmons9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Fix log sent above. I also ran aswMBR again this morning to see if it would complete the scan. It didn't. It stopped at the same scan line as I mentioned above. Immediately after this McAfee popped up a message about trojan removal. It said:

Detected PWS-Zbot.gen-uh (trojan)
Quarantined from: C:\Users\User\Desktop\Malware Fix 5-9-12\05092012-162338\C_Users\User\1frp.exe (this is the desktop folder I created to collect all the reports and applications you have requested. This folder was in the C:\_OTL\moved files folder that I copied over into the Malware Fix 5-9-12 folder along with the runfix log 10 minutes before the McAfee message was received).
  • 0

#30
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi memmons9. I finished analyzing all the most recent logs. No need to worry about the McAfee popup. Extras turned up clean, OTL has a little more dirt to clean, we will upload the KmxAgent.asc file, run Roguekiller again, and try aswMBR without downloading the Avast definitions. Please do the following:

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2012/05/09 16:15:42 | 000,253,952 | RHS- | M] () -- C:\Users\User\roiebe.exe
    MOD - [2012/05/09 16:15:42 | 000,253,952 | RHS- | M] () -- C:\Users\User\roiebe.exe
    O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [roiebe] C:\Users\User\roiebe.exe ()
    [2012/05/09 16:33:20 | 000,040,960 | ---- | M] () -- C:\Users\User\toopul.com
    [2012/05/09 16:15:42 | 000,253,952 | RHS- | M] () -- C:\Users\User\roiebe.exe
    [2012/05/09 16:15:37 | 000,175,104 | ---- | M] () -- C:\Users\User\zwvh.exe
    [2012/05/09 16:15:35 | 000,041,952 | ---- | M] () -- C:\Users\User\1wvh.exe
    [2012/05/09 16:15:33 | 000,040,960 | ---- | M] () -- C:\Users\User\nqu.com
    [2012/05/09 16:33:20 | 000,040,960 | ---- | C] () -- C:\Users\User\toopul.com
    [2012/05/09 16:15:42 | 000,253,952 | RHS- | C] () -- C:\Users\User\roiebe.exe
    [2012/05/09 16:15:37 | 000,175,104 | ---- | C] () -- C:\Users\User\zwvh.exe
    [2012/05/09 16:15:35 | 000,041,952 | ---- | C] () -- C:\Users\User\1wvh.exe
    [2012/05/09 16:15:33 | 000,040,960 | ---- | C] () -- C:\Users\User\nqu.com
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
  • Open OTL again
  • Select the Scan All Users box in the middle on the top of the window
  • Click the Quick Scan button. Post the log it produces in your next reply as well.

Step 2

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the contents of the notepad window into your next post

Step 3

There are several suspicious files on your machine that might or might not be malware. We will scan them to verify. Let me know if you have any trouble following these instructions. Please do the following:

  • Go to this site
  • Click the browse button on the top of the page
  • Navigate to this file C:\Windows\syswow64\drivers\KmxAgent.asc and click the open button
  • Click the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button
  • Once the Scan is completed, click on the Copy to Clipboard button at the bottom of the page. This will copy the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 4

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer no

  • Click the Scan button to start scan

  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL fix log
OTL.txt
Roguekiller log (RKreport[#].txt)
virscan upload results
aswMBR log

  • 0





