[edsmith323]

Hi all

Hopefully someone can help

I somehow picked up the interent secruity 2013 malware worm. I removed it using Malwarebytes booted in safe mode but I dont think I completed cured the probelm. Ever since that point I have been unable to download anything through either IE or Chrome.

Any help on this would be appreciated
Kind Regards

Ed

[Advertisements]

Hello Ed and

My name is Tom and I am going to be helping you with your malware removal. Please note that as I am currently still in training, my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

• Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
• Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
• Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
• If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
• Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
• Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
• Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
• If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
• Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

OTL

• Download OTL to your Desktop
• Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click Run Scan. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Tom

[tom982]

Hello Ed and

My name is Tom and I am going to be helping you with your malware removal. Please note that as I am currently still in training, my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

• Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
• Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
• Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
• If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
• Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
• Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
• Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
• If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
• Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

OTL

• Download OTL to your Desktop
• Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click Run Scan. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Tom

[edsmith323]

Thanks Tom

Running Scan now and will post the results in a mo.

Ed

[edsmith323]

Tom

Log info from OTL scan


OTL logfile created on: 06/05/2013 21:25:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ed\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 47.59% Memory free
5.62 Gb Paging File | 4.14 Gb Available in Paging File | 73.70% Paging File free
Paging file location(s): c:\pagefile.sys 2877 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.99 Gb Total Space | 16.53 Gb Free Space | 11.81% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.31 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.75 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
Drive G: | 960.72 Mb Total Space | 959.89 Mb Free Space | 99.91% Space Free | Partition Type: FAT

Computer Name: ED-PC | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/17 23:08:18 | 001,645,256 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/04/13 10:41:04 | 000,358,456 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/01/18 06:06:06 | 000,078,592 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2009/07/19 22:21:42 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/07/06 15:34:58 | 011,227,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/12/20 14:36:50 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/03/29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/03/29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/08 10:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/04/23 11:00:36 | 000,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/10 02:38:48 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2013/04/10 02:38:48 | 001,241,088 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2013/02/13 22:34:31 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/02/13 22:32:00 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/10 15:59:04 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013/01/10 15:41:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 15:40:18 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll
MOD - [2013/01/10 15:39:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/10 15:39:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/10 15:38:33 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/10 15:35:10 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/10 15:34:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/13 22:33:54 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2008/02/16 00:34:15 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
MOD - [2007/06/28 17:48:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34876__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34886__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2589.35106__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34900__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.35144__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.35129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34898__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34860__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.35011__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:40 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.35177__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:09 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.35093__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:09 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.35183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:09 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.35098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34854__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.35024__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34915__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34863__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.35114__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:08 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34907__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.35169__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.35045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.35090__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.35020__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.35168__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.35044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34921__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.35137__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2589.35085__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.35014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.35069__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34923__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:07 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.35012__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.35019__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.35066__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/06/28 17:48:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/06/28 17:48:06 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007/06/28 17:48:05 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/06/28 17:47:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.35208__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/06/28 17:47:55 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34870__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/06/28 17:47:55 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.35160__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/06/28 17:47:55 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34837__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/06/28 17:47:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.35158__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/06/28 17:47:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/06/28 17:47:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34848__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/06/28 17:47:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34838__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/06/28 17:47:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34836__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/06/28 17:47:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/06/28 17:47:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.35160__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/03/29 14:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 13:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/02/02 17:01:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/10/26 17:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/04/18 15:32:55 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/13 10:36:32 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2010/01/18 05:59:28 | 000,192,768 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2010/01/18 05:59:20 | 000,150,272 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/04/11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/05 21:45:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008/01/19 08:33:40 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 13:36:35 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Ed\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
DRV - [2013/01/31 10:50:58 | 000,022,656 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/10/11 04:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/06 13:11:12 | 000,035,008 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/05 11:09:08 | 000,051,480 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/03/05 11:09:00 | 000,013,032 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/03/05 11:08:58 | 000,012,600 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/03/05 11:08:56 | 000,109,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/12 17:42:54 | 000,252,928 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/12/17 23:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:42:58 | 000,024,576 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/29 13:00:52 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/19 22:17:36 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/02/17 13:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 13:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/10 22:33:39 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/07/31 19:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/04/10 23:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/02 17:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/13 12:10:18 | 000,030,656 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\System32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2006/11/02 09:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 12:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/11/03 18:14:36 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2004/11/03 18:14:36 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus)
DRV - [2004/07/16 16:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sonyhcb.sys -- (sonyhcb)
DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {8E02D41C-5924-4816-9490-33CCD28BEB72}
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9F536F17-19AC-43C6-AAE3-0D44B531B5BC}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/19 21:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/05 08:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/02/27 16:21:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]

[2010/03/18 19:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions
[2009/01/15 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/03/18 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/06 12:59:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [AvgRemover] C:\Users\Ed\Desktop\avg_remover_stf_x86_2013_2706.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cslconnect.com ([cslvpn] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553547600} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70308F02-798D-4916-8232-B3B115A8F3D4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/06 21:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 13:14:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/06 13:14:21 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\HPAppData
[2013/05/06 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\temp
[2013/05/06 10:12:40 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Ed\Desktop\avg_remover_stf_x86_2013_2706.exe
[2013/05/06 10:07:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/06 10:07:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/06 10:07:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/06 10:04:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/05/06 10:03:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/06 09:32:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/05/06 09:15:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{CB6AB4E8-DF70-4263-A83B-D1BBD563B3AF}
[2013/05/02 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{886EB09B-28FB-4D5A-80EA-52833FD269D5}
[2013/04/29 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Morley-IAS by Honeywell
[2013/04/29 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{D6BB5D0F-9149-4BE7-BFF9-1528D83F040E}
[2013/04/25 13:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB2.0 UVC PC Camera
[2013/04/25 13:36:32 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\UVC
[2013/04/25 13:35:37 | 000,000,000 | ---D | C] -- C:\Windows\VMUVC
[2013/04/25 13:32:18 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\vvftUVC.sys
[2013/04/25 13:32:11 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\vvftUVC.ax
[2013/04/25 13:32:11 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\Windows\System32\VvFtCtrl.dll
[2013/04/25 13:31:22 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMUVC.dll
[2013/04/25 13:31:18 | 000,516,096 | ---- | C] (vimicro) -- C:\Windows\System32\VMUVC.ax
[2013/04/25 13:31:17 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\exvmuvc.ax
[2013/04/25 13:31:16 | 000,252,928 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMUVC.sys
[2013/04/25 13:31:16 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMCtrl.ax
[2013/04/25 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
[2013/04/25 12:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texecom
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Texecom
[2013/04/22 18:31:22 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Cisco
[2013/04/22 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/04/22 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2013/04/22 18:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2013/04/18 15:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/15 14:04:23 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{18EBBA12-8CF0-49D7-A2D3-6843C8E357B7}
[2013/04/14 20:05:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/14 20:05:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/14 20:05:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/14 20:05:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/14 20:05:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/14 20:05:53 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/14 20:05:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/14 20:05:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/14 19:49:26 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/14 19:49:26 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/14 19:49:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/14 19:49:21 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/14 19:48:41 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/12 06:30:43 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{56EC44D6-B3D3-4D8B-B294-D2CD58DE6E14}
[2013/04/11 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{4BDCBA53-B209-420E-8097-AAF9DCA76B39}
[2013/04/11 06:30:15 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{4461127D-AB4C-45E5-8149-5EE40EBB6D8A}
[2013/04/09 02:03:05 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{49F162D0-A9F4-426E-B47D-EB13F36675C4}
[2013/04/08 14:02:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{866D4E23-AC95-4163-87E7-F84DB8B348C5}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/06 21:27:55 | 000,716,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/06 21:27:55 | 000,148,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 20:47:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/06 20:39:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 20:39:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 20:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/06 12:59:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/06 12:59:05 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/06 12:00:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job
[2013/05/06 12:00:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Embedded Security Backup Schedule.job
[2013/05/06 10:39:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/06 10:38:59 | 3086,278,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/06 10:37:41 | 000,012,780 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/06 10:20:36 | 000,000,566 | ---- | M] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/06 10:11:04 | 002,586,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Ed\Desktop\avg_remover_stf_x86_2013_2706.exe
[2013/05/03 14:15:50 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/05/01 16:53:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/01 14:56:07 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/05/01 14:09:54 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/25 12:22:42 | 001,785,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/24 16:46:13 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | M] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/23 07:36:55 | 000,001,995 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | M] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[2013/04/18 15:48:52 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/18 15:32:53 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/18 15:32:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/06 10:20:36 | 000,000,566 | ---- | C] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/06 10:07:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/06 10:07:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/06 10:07:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/06 10:07:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/06 10:07:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/01 17:01:26 | 3086,278,656 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/29 17:43:18 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/04/29 17:40:28 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/24 16:46:13 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | C] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | C] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[2013/04/18 15:34:45 | 000,001,995 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/18 15:34:45 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/12 13:52:10 | 000,000,680 | ---- | C] () -- C:\Users\Ed\AppData\Local\d3d9caps.dat
[2012/08/30 23:16:16 | 000,027,520 | ---- | C] () -- C:\Users\Ed\AppData\Local\dt.dat
[2011/10/11 13:23:25 | 000,406,016 | ---- | C] () -- C:\Windows\System32\PSDrvCheck.exe
[2011/10/07 17:23:24 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2011/05/09 16:45:49 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010/09/10 00:11:57 | 000,000,000 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\chrtmp
[2010/09/10 00:11:10 | 000,053,760 | --S- | C] () -- C:\Users\Ed\java_JRE_6_4_5_4.exe
[2010/07/23 00:11:17 | 000,000,459 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\plugins.xml
[2009/05/19 00:30:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG1
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG0
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.X02
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.DB
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG1
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG0
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.Y02
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.PX
[2008/09/23 09:21:34 | 000,000,777 | ---- | C] () -- C:\Users\Ed\Comms.VAL
[2008/02/16 00:08:33 | 000,105,984 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 06/05/2013 21:25:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ed\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 47.59% Memory free
5.62 Gb Paging File | 4.14 Gb Available in Paging File | 73.70% Paging File free
Paging file location(s): c:\pagefile.sys 2877 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.99 Gb Total Space | 16.53 Gb Free Space | 11.81% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.31 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.75 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
Drive G: | 960.72 Mb Total Space | 959.89 Mb Free Space | 99.91% Space Free | Partition Type: FAT

Computer Name: ED-PC | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3383664648-3697021102-3418656205-1006]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0122D0F3-3716-4497-8E29-2431E8930650}_is1" = Wintex version 6.0 Build 29
"{01CA52CC-D82B-4E76-901C-442350A30AE7}" = ArKaos VJ 3.6.1 FC2
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02C03AE0-E898-5C22-AFD4-877466FFBD98}" = CCC Help English
"{0341796A-9224-48FB-AAE1-4079C7AE375E}" = DDXGDIRenderer
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FB18CF-3F76-43AC-0F02-B2DC201D27F4}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09051A99-111D-4497-8657-EA8A07B47E0B}" = Microsoft S/MIME
"{09B17771-7F41-193C-4B8B-93B07653707C}" = Catalyst Control Center Localization Czech
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F43AD3C-47B5-4DA0-BC91-3D3CE9F18882}" = ESU for Microsoft Vista
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145BA429-DFDE-4E38-B30D-05EFC90EA311}" = Smartstim 2
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{15ADCB87-FB9D-BE4B-89EB-A5439DADACEB}" = CCC Help Japanese
"{160FB2C2-37D9-C291-9B79-B660241AD747}" = Catalyst Control Center Localization Dutch
"{1626FA93-8BB2-4324-80D2-D176F29BB0CC}" = Embedded Security for HP ProtectTools
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19B2FBFE-27D2-458C-9C75-5280C831E49C}" = CoPilot Central 2.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CA53A9-E256-6AF1-28FA-EE61A88886CA}" = Catalyst Control Center Localization Chinese Traditional
"{1A239B49-FDA5-8BCF-05E9-15C69A8591F7}" = Catalyst Control Center Localization Swedish
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228FAF8F-3380-6579-E37D-8AE663A543EE}" = CCC Help Russian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{246A7487-E022-4AC2-8A2B-E7AB5324D2EC}" = Dimension
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24DBA704-144B-46EA-9775-708AA7C36FE7}_is1" = Premier Elite Flasher 0.1.3.2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{2692EC5B-A136-5340-C10C-4FA987FBA569}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{279F3807-2744-5B05-1CD5-612097502559}" = CCC Help Polish
"{27A94385-A7BD-17DA-3827-E54A3B203E7C}" = CCC Help Chinese Traditional
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B5BC746-6594-F319-D806-BA97C1B3D8E9}" = Catalyst Control Center Localization Japanese
"{2E2499C1-D876-D3A5-5329-23719AF4EEA5}" = CCC Help French
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3583F14B-42A8-C383-37B1-6186DD87BA46}" = Catalyst Control Center Localization Korean
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36262360-D6DF-EFAE-7AB2-5FE47F01BB8A}" = Catalyst Control Center Graphics Full Existing
"{36720FFD-D8DC-502D-5B59-97261633B847}" = Catalyst Control Center Graphics Full New
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3925DA22-2D9E-4AD4-9078-876120FE5FC6}" = SVGExport
"{3B1815F1-A388-CBA9-439E-8D97D0A9C6FB}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2A905A-2F85-4A25-858E-27F92E56B61C}" = Vista Default Settings
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{41A26BEF-B5CF-483A-8197-96413D12C902}" = Local Terminal
"{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}" = ccc-Branding
"{4282CA13-4119-B9F9-A13D-F7E8C61978F9}" = CCC Help Turkish
"{45873324-094C-4516-A84A-134A175A1CD6}" = PDFExport
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}" = Privacy Manager for HP ProtectTools
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{503C86BF-22CB-4806-B2AE-AA79DFD8BA35}" = PL-2303HXD Vista Driver Installer
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{526B2AE8-73DF-4CE0-B140-9968677A7C93}" = HTC Sync
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541847E5-E8C5-075B-9F2B-2FF2A3C971C1}" = Catalyst Control Center Localization Hungarian
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5636E517-8100-4E2A-B69E-2B16AFFA2360}" = Sony Sound Forge 8.0d
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57E7F262-3B6A-403E-81C2-E9D2B196D00C}" = DDXSheetSets
"{5B1E200F-327D-AA06-4990-8E1505DFC754}" = CCC Help Greek
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D0F1D39-F353-42DD-B6A3-B947500E246B}" = HP ProtectTools Security Manager
"{5D7347E1-AE03-478B-3BE2-F1279693F745}" = ccc-utility
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E156316-7276-D0B6-D6CD-A356B897FAB3}" = CCC Help Hungarian
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6276CABC-7E19-4945-9A9C-3549D965E687}" = CCC Help Danish
"{6368D4AE-BFC1-4AAD-25AD-7EBA1CDEAFF0}" = CCC Help Thai
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{67D3B081-1389-D544-6889-3E3BA2691171}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BA9955E-1F40-7E11-1488-228DAEFB0FD8}" = CCC Help Italian
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E8C9958-A445-06B7-9180-F1C546E90B6B}" = Catalyst Control Center Localization Chinese Standard
"{6EF125F8-F86B-C019-2A11-53D9C99AEE00}" = Catalyst Control Center Localization Danish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
"{75918444-A9D8-86F4-3644-08917713894F}" = CCC Help German
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F4739D-13F3-4899-9ECF-631D020FF144}" = ArKaos VJ 3.6.5 beta 4
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B3CDDCA-0913-D8CE-F4E1-E0F8D0200B87}" = CCC Help Norwegian
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92377672-DF6E-4D7C-AFFC-50B01254C488}" = DDXViewX
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{990BA001-D69F-9DB2-56CE-88E0399B30FB}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C4AED81-8040-28D3-FCE3-E87DC2B948EC}" = Catalyst Control Center Localization German
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9EB1870B-333F-4310-A187-617C86E3473D}" = Drive Encryption for HP ProtectTools
"{A1A34147-C621-1D90-3C27-D90CF2E1ADFA}" = CCC Help Czech
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7385936-7917-4210-9471-ECDF300D1D02}" = DWGDirectX Core
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2F07A9-7EB5-4185-BAA9-A02F56F1396A}" = CCC Help Dutch
"{AA45C5F6-11AE-11D7-A426-0080C88ACBA3}" = Risk Assessment Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AC76BA86-7AD7-2448-0000-A00000000003}" = Chinese Traditional Fonts Support For Adobe Reader X
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B19B5C55-573E-14F3-0047-7029B5618529}" = Catalyst Control Center Graphics Light
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B33E503B-8A82-E0EF-1ABE-06BF0489A6F9}" = CCC Help Swedish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A7937C-B0B5-1040-FC2E-EB05872EF72C}" = Catalyst Control Center Localization Turkish
"{B7F2B452-4461-88FF-EFD0-8E888D1A4C2D}" = CCC Help Spanish
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC281B89-4AF1-D881-ABB3-853444E7C1D5}" = Catalyst Control Center Localization Greek
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{BDE8BEF1-2C88-4F0D-A36D-8FB1659CB30D}" = Flash Programmer
"{C41A421C-59F6-8393-014A-F655460AD5F5}" = CCC Help Finnish
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C51496B3-E15E-41D8-B812-9492E4EC86E0}" = DDX DWF Support
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDA6B6F9-FF82-4E9B-8279-52F4D458B38A}" = Fire 6.23A
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D02B9787-3152-A4A0-43E9-AF5E62715D4E}" = Catalyst Control Center Localization Polish
"{D031D12A-7F6E-4FD1-B86F-30A8D4217767}" = GSL848E_AA Nightstand Programmer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
"{D1D6C0C6-47A5-4EFA-B553-BEFB29E60903}" = XFP Programming Tools 4.7
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2A36D72-D053-4FD5-8EC6-C8DF653B7879}" = BIOS Configuration for HP ProtectTools
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB11E77A-8184-C8D3-55DF-73F937EE2F3D}" = Catalyst Control Center Localization Norwegian
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDDBC1AF-504A-3E17-4A74-E8C69D2C0D0E}" = Catalyst Control Center Localization Finnish
"{DEDBEB69-C5E7-4904-A885-9227C8D982B0}" = HP MULTIPLE WLAN INSTALLER for VISTA
"{E03D8FE4-70BF-26F8-DA3B-974E3A561308}" = CCC Help Chinese Standard
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E09E27D9-77B4-44FA-9233-547B940DC71B}" = Fire 6.21B
"{E0BBEF95-303A-42BD-A6F7-380434A063FA}" = FUJITSU FLASH MCU Programmer for FMC16LX
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E25074CB-A222-3A2D-0542-CC5BAD57ED76}" = Catalyst Control Center Localization Russian
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EC04A654-128B-5439-0198-E1178E1E6E76}" = Catalyst Control Center Core Implementation
"{EC3ED97A-17D7-4B7B-9121-6EF420C89496}" = Logo Programmer
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF6CEC13-B014-8BD5-5E56-78E68494A167}" = Catalyst Control Center Localization Italian
"{EFBF63E0-67E9-42FC-A6BC-809A5299F714}" = Config Tool
"{F015C84A-A7FA-4DFC-A266-1754CC536056}" = Accusoft PICVideo Motion JPEG 4
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4144B54-EA3B-72F5-D464-211A1D7BAB95}" = Catalyst Control Center Localization Portuguese
"{F4764FAC-C2DA-4CF8-BCDC-2353DDA229DB}" = Maxtor Quick Start
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FAFC99FB-4361-7B69-AF2B-87A60406B60C}" = Catalyst Control Center Localization French
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"ATI Uninstaller" = ATI Uninstaller
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"doPDF 6 printer_is1" = doPDF 6.1 printer
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"FuH_Docklight_V1_9_200_is1" = Docklight V2.0
"Fusion Programmer 1.1" = Fusion Programmer 1.1
"Google Chrome" = Google Chrome
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP QuickLook_is1" = HP QuickLook
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{19B2FBFE-27D2-458C-9C75-5280C831E49C}" = CoPilot Central 2.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F015C84A-A7FA-4DFC-A266-1754CC536056}" = Accusoft PICVideo Motion JPEG 4
"InstallShield_{F4764FAC-C2DA-4CF8-BCDC-2353DDA229DB}" = Maxtor Quick Start
"JPEG Recovery Pro5.0" = JPEG Recovery Pro 5.0
"KitchenDraw 5.0" = KitchenDraw 5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"ManyCam" = ManyCam 3.1.51
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"multivector" = multivector: V1.0
"NuB2Codec" = NuB2 For Windows Codec (1.0.0.1)
"Opera 12.15.1748" = Opera 12.15
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Parrot Flash Update Wizard" = Parrot Software Update Tool
"Planner for Windows" = Planner for Windows
"Power Commander 3 Usb_is1" = Power Commander Control Center 3.2.0 (Test Build 1)
"PrimoPDF3.0" = PrimoPDF
"PROHYBRIDR" = 2007 Microsoft Office system
"ST4UNST #1" = SCPMON
"ST6UNST #1" = PageTek Configuration Software Installation
"ST6UNST #2" = RX10 Pro Configuration
"ST6UNST #3" = RX10 Pro Configuration (C:\Program Files\RX10 Pro Configuration\)
"ST6UNST #4" = ConX-Lite
"ST6UNST #5" = LPA-1070-V1.6B8
"SWPRCOMM&10C4&8079" = swprog USB adapter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"93577ae7b5c7e272" = Smartstim
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/08/2010 03:33:48 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/08/2010 03:33:48 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 35149953

Error - 11/08/2010 03:33:48 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 35149953

Error - 11/08/2010 03:33:50 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/08/2010 03:33:50 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 35152640

Error - 11/08/2010 03:33:50 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 35152640

Error - 11/08/2010 03:33:53 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/08/2010 03:33:53 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 35155453

Error - 11/08/2010 03:33:53 | Computer Name = Ed-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 35155453

Error - 11/08/2010 17:01:40 | Computer Name = Ed-PC | Source = EventSystem | ID = 4621
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 01/05/2013 12:01:39 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 314 Invoked Function:
CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED


Error - 02/05/2013 19:07:31 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
572 Invoked Function: OpenService Return Code: 1060 (0x00000424) Description: The
specified service does not exist as an installed service.

Error - 02/05/2013 19:07:31 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
2782 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
(0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED

Error - 02/05/2013 19:07:31 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 314 Invoked Function:
CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED


Error - 03/05/2013 02:36:13 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
572 Invoked Function: OpenService Return Code: 1060 (0x00000424) Description: The
specified service does not exist as an installed service.

Error - 03/05/2013 02:36:13 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
2782 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
(0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED

Error - 03/05/2013 02:36:13 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 314 Invoked Function:
CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED


Error - 06/05/2013 04:42:06 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
572 Invoked Function: OpenService Return Code: 1060 (0x00000424) Description: The
specified service does not exist as an installed service.

Error - 06/05/2013 04:42:06 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
2782 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
(0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED

Error - 06/05/2013 04:42:06 | Computer Name = Ed-PC | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 314 Invoked Function:
CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED


[ Credential Manager Events ]
Error - 23/03/2012 20:11:18 | Computer Name = Ed-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Ed@ED-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client Address:
127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 23/03/2012 20:11:18 | Computer Name = Ed-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Ed@ED-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ OSession Events ]
Error - 14/03/2011 15:54:57 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/03/2011 16:44:18 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4073
seconds with 240 seconds of active time. This session ended with a crash.

Error - 14/03/2011 16:44:51 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/04/2011 15:15:38 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9300
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 13/04/2011 02:28:31 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44224
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 15/06/2011 17:57:07 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 53189
seconds with 60 seconds of active time. This session ended with a crash.

Error - 21/12/2011 12:59:18 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2012 03:21:23 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 339001
seconds with 780 seconds of active time. This session ended with a crash.

Error - 21/06/2012 10:51:22 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 77222
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 26/08/2012 05:25:02 | Computer Name = Ed-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3843
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06/05/2013 05:36:53 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 06/05/2013 05:37:12 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 06/05/2013 05:38:44 | Computer Name = Ed-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06/05/2013 05:38:54 | Computer Name = Ed-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06/05/2013 05:39:35 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 06/05/2013 05:39:35 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 06/05/2013 05:40:31 | Computer Name = Ed-PC | Source = DCOM | ID = 10016
Description =

Error - 06/05/2013 05:41:02 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 06/05/2013 05:41:02 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 06/05/2013 05:41:02 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

[tom982]

Hi Ed,

Thanks for the logs, I am in the process of reviewing them and should be able to finish my fix after work tomorrow!

Tom

[edsmith323]

Ok Thanks Tom

[tom982]

Hi Ed,

I'm not seeing any indication of malware still being present on your system but this doesn't necessarily mean that you are clean. I will ask my instructor for a second opinion now.

I see from your logs that you have run Combofix - it is highly recommended that no one should use Combofix unless under supervision from a trained analyst as it is a very, very powerful tool. Whilst we await a response from my instructor, could you post the Combofix log please:

C:\Qoobox\Combofix.txt

Could you also post the contents of the MBAM log please:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

There may be a few files here - if any are logs where a file is detected, or deleted, please post them!

Tom

[edsmith323]

Tom

Combofix log: -

ComboFix 13-05-06.01 - Ed 06/05/2013 10:24:40.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2943.1727 [GMT 1:00]
Running from: c:\users\Ed\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\UNWISE.EXE
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-06 to 2013-05-06 )))))))))))))))))))))))))))))))
.
.
2013-05-06 09:36 . 2013-05-06 11:59 -------- d-----w- c:\users\Ed\AppData\Local\temp
2013-05-06 09:36 . 2013-05-06 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-06 08:59 . 2013-05-06 08:59 -------- d-----w- c:\users\Ed\AppData\Roaming\HPAppData
2013-04-29 16:40 . 2013-04-29 16:43 -------- d-----w- c:\program files\Morley-IAS by Honeywell
2013-04-25 12:35 . 2013-04-25 12:36 -------- d-----w- c:\windows\VMUVC
2013-04-25 12:32 . 2008-07-01 10:12 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2013-04-25 12:32 . 2008-09-02 16:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2013-04-25 12:32 . 2008-07-01 10:16 188416 ----a-w- c:\windows\system32\vvftUVC.ax
2013-04-25 12:31 . 2008-02-29 09:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
2013-04-25 12:31 . 2009-04-29 15:01 516096 ----a-w- c:\windows\system32\VMUVC.ax
2013-04-25 12:31 . 2007-04-12 21:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2013-04-25 12:31 . 2010-01-12 16:42 252928 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2013-04-25 12:31 . 2008-09-18 15:28 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2013-04-25 12:31 . 2013-04-25 12:31 -------- d-----w- c:\program files\Vimicro Corporation
2013-04-25 09:28 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-24 15:46 . 2013-04-24 15:46 -------- d-----w- c:\users\Public\DebugData
2013-04-24 13:44 . 2013-04-24 15:46 -------- d-----w- c:\program files\Texecom
2013-04-22 17:31 . 2013-04-22 17:31 -------- d-----w- c:\users\Ed\AppData\Local\Cisco
2013-04-22 17:15 . 2013-04-22 17:15 -------- d-----w- c:\program files\Cisco
2013-04-22 17:15 . 2013-04-22 17:15 -------- d-----w- c:\programdata\Cisco
2013-04-14 18:49 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-14 18:49 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-14 18:49 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-14 18:49 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-14 18:49 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-14 18:49 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-14 18:48 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 13:01 . 2011-08-04 06:43 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-18 14:32 . 2012-04-18 17:06 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-18 14:32 . 2011-06-07 19:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 13:50 . 2012-07-23 22:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-14 16:31 . 2012-09-03 18:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-14 16:31 . 2012-06-08 12:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 16:31 . 2010-06-03 08:47 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-28 15:29 . 2010-07-26 12:04 249856 ------w- c:\windows\Setup1.exe
2013-02-28 15:29 . 2010-07-26 12:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-02-12 01:57 . 2013-03-19 19:22 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 01:57 . 2013-03-19 19:22 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay]
@="{b75ab0c8-03d5-4592-9821-a48d54d66b14}"
[HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}]
2006-08-11 13:51 69632 ----a-w- c:\windows\System32\MssShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2010-01-18 24832]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-07-19 1107232]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-17 1645256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-12-20 135168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-02-15 44168]
"AvgRemover"="c:\users\Ed\Desktop\avg_remover_stf_x86_2013_2706.exe" [2013-05-06 2586752]
.
c:\users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-2-12 192512]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3383664648-3697021102-3418656205-1006]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-18 14:48 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 14:32]
.
2013-05-06 c:\windows\Tasks\Embedded Security Backup Schedule.job
- c:\program files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe [2009-07-19 21:09]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-03 18:20]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-03 18:20]
.
2013-05-06 c:\windows\Tasks\Security Platform Backup Schedule.job
- c:\program files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe [2009-07-19 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=none&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
Trusted Zone: cslconnect.com\cslvpn
TCP: DhcpNameServer = 192.168.0.1
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-06 12:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5968)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\MssShellExt.dll
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Hpservice.exe
c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\crypserv.exe
c:\windows\system32\CSHelper.exe
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\IAM\bin\AsGHost.exe
c:\progra~1\Maxtor\MSSBAC~1\MaxBackService.exe
c:\progra~1\Maxtor\MANAGE~1\msssort.exe
c:\windows\SMINST\scheduler.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2013-05-06 13:04:57 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-06 12:04
.
Pre-Run: 17,752,780,800 bytes free
Post-Run: 17,796,890,624 bytes free
.
- - End Of File - - A358036D5F743598EF2A747D7BCA84AF

Most recent MBAM logs below: -

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.01.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ed :: ED-PC [administrator]

03/05/2013 00:43:32
mbam-log-2013-05-03 (00-43-32).txt

Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 499902
Time elapsed: 5 hour(s), 34 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-3383664648-3697021102-3418656205-1006\$ff24043d55f85ce9a20a8337d9b4b888\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n (Trojan.0Access) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3383664648-3697021102-3418656205-1006\$ff24043d55f85ce9a20a8337d9b4b888\n (Trojan.0Access) -> Delete on reboot.
C:\Users\Ed\AppData\Local\Temp\D38D.tmp (Trojan.FkAdw) -> Quarantined and deleted successfully.
C:\Users\Ed\AppData\Local\Xenocode\Sandbox\Windows Mobile SMS Migrator\1.0.0.0\2009.06.08T11.17\Virtual\STUBEXE\@DESKTOP@\adb.EXE (Backdoor.Poison) -> Quarantined and deleted successfully.
C:\Users\Ed\AppData\Local\Xenocode\Sandbox\Windows Mobile SMS Migrator\1.0.0.0\2009.06.08T11.17\Virtual\STUBEXE\@DESKTOP@\Windows Mobile SMS Migrator.exe (Backdoor.Poison) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.01.06

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Ed :: ED-PC [administrator]

01/05/2013 16:56:54
mbam-log-2013-05-01 (16-56-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 54698
Time elapsed: 2 minute(s), 23 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.FkAdw) -> Data: C:\ProgramData\amsecure.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\amsecure.exe (Trojan.FkAdw) -> Quarantined and deleted successfully.

(end)


Hope these help you find a solution

[tom982]

Hello Ed,

Having removed amsecure.exe with MBAM, are you still having internet problems? What actually happens when you try to download a file?

ESET Online Scanner:

Note: The below instructions relate to running the scan with Google Chrome only. You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the Google Chrome icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

• Please go here to run the scan...
• In the window that now appears called Launch ESET Online Scanner
• Double-click on esetsmartinstaller_enu.exe to download the ESET Smart Installer
• Then in the lower left hand corner of the browser window double click on >> follow the prompts
• In the new window that appears select the option YES, I accept the Terms of Use then click on Start
• Now in the Computer scan settings window that appears:-
• Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:

• • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on: Start
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically.
• Do nottouch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on: Finish
• Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, then click on Remove Java Runtime.
• Select the Java version you have from the drop down list, and then click on Run Uninstaller
• Press Yes if it asks to uninstall the product.
• Allow the uninstaller to remove the installed version.
• When its finished, go back to JavaRa, and click Back
• Click on Update Java Runtime and then select Download and install latest version.
• Press Next
• Press Java Manual Download.
• A browser window will open with the Java download page.
• Click the Windows offline link to download Java.
• Run the installer.
• Close JavaRa

Uninstall Software

• Click on the Start button and select Control Panel
• Click on Programs then click on Uninstall a program
• You will now see a list of your installed software, double click on the following one by one to uninstall them:
  
  
  • Adobe Reader X (10.1.6)
  • Ask Toolbar
• Once you have done this, reboot your computer

You can install the latest version of Adobe Reader from here: http://get.adobe.com/uk/reader/

Make sure you deselect the Yes, install McAfee Security Scan Plus - optional (0.9 MB) box!

Tom

[edsmith323]

Tom

Whenever I try to download a file through Internet Explorer, the file downloads and IE runs a virus scan which gives the result that the file contains a virus and has been deleted. Whenever I try the same download in Chrome I get the message virus scan failed, and still the file has not been downloaded. This has happened since I picked up and removed the Malware with Malwarebytes.

I'll run the scans/uninstalls you suggest etc and post the results in due course.

Thanks for your help Tom.

Ed

[edsmith323]

ESET scanner log file

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b781771689b8514090fab3c77808e497
# engine=13795
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-10 12:25:40
# local_time=2013-05-10 01:25:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1040 16777213 100 93 15123 55279524 0 0
# compatibility_mode=5892 16776574 100 39 109466369 205678242 0 0
# scanned=272827
# found=8
# cleaned=0
# scan_time=14535
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\MGtools\Process.exe"
sh=DD7B79B1069023F35F0E1B7789AE888A104798E3 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Ed\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\4e49c050-3a4b5fb6"
sh=49C6E2ADC6EB6B6037DF7B8F8FE3D2B05E2DCEFE ft=0 fh=0000000000000000 vn="Java/Agent.FG trojan" ac=I fn="C:\Users\Ed\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\196a68e5-33eba242"
sh=8FD96D41E7D33071468CE35B31BF7EC792CF01E5 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBB trojan" ac=I fn="C:\Users\Ed\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\20283be9-564fc764"
sh=49C6E2ADC6EB6B6037DF7B8F8FE3D2B05E2DCEFE ft=0 fh=0000000000000000 vn="Java/Agent.FG trojan" ac=I fn="C:\Users\Ed\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\23c3b8e9-5f9eb3c1"
sh=B2DD9ACDAFD20255897F7CC7053E1253C2083146 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.IF trojan" ac=I fn="C:\Users\Ed\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1c90876d-75de0069"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Ed\Documents\ApnStub.exe"
sh=4E0810EBA6EC5FE5A1055D258B95E771CA607F00 ft=1 fh=b9eedc5ec3e8968f vn="multiple threats" ac=I fn="C:\Users\Public\cpuz_154_setup.exe"

[tom982]

Hi Ed,

ESET has picked up a few Java related infections which means there's a very good chance that this is how you were infected in the first place. We have updated Java a few posts ago so you're all up to date and more secure now. Do you use Java? If you don't use it then I would highly recommend uninstalling it as it has been a very big security concern over the past few months:

http://www.nbcnews.c...-java-1B8000547

It is essential that you keep Java updated in the future if you do need it! Let's have a look where we stand at the moment:

OTL Fix

• Run OTL.
• Click the Quick Scan button. The scan won't take long.

When the scan completes, it will open a log: OTL.txt. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

I would also like to know how your computer is behaving now? Are you still having problems downloading files?

Tom

[edsmith323]

Hi Tom

I'm away till tomorrow afternoon, so I' ll run the scan then and post the results.

As of yesterday I am still having the issues with downloading through ie and chrome.

[edsmith323]

Tom

OTL log as required

OTL logfile created on: 12/05/2013 11:59:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ed\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 40.16% Memory free
5.62 Gb Paging File | 3.63 Gb Available in Paging File | 64.59% Paging File free
Paging file location(s): c:\pagefile.sys 2877 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.99 Gb Total Space | 26.38 Gb Free Space | 18.84% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.31 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.75 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

Computer Name: ED-PC | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/04/13 10:41:04 | 000,358,456 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/01/18 06:06:06 | 000,078,592 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2009/07/19 22:21:42 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/07/06 15:34:58 | 011,227,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/12/20 14:36:50 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/05/23 12:24:44 | 000,085,672 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/05/23 12:19:18 | 000,192,168 | ---- | M] (Maxtor Corp) -- C:\Program Files\Maxtor\MSS Backup\MaxBackService.exe
PRC - [2007/05/09 04:22:44 | 001,400,488 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\ManagerApp\msssort.exe
PRC - [2007/03/29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/03/29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/08 10:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/04/23 11:00:36 | 000,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/10 02:38:48 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2013/04/10 02:38:48 | 001,241,088 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2013/02/13 22:34:31 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/02/13 22:32:00 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/10 15:59:04 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013/01/10 15:41:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 15:40:18 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll
MOD - [2013/01/10 15:39:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/10 15:39:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/10 15:38:33 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/10 15:35:10 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/10 15:34:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/13 22:33:54 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2008/02/16 00:34:15 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
MOD - [2007/06/28 17:48:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34876__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34886__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2589.35106__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34900__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.35144__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.35129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34898__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34860__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.35011__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:40 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.35177__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:09 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.35093__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:09 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.35183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:09 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.35098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34854__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.35024__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34915__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34863__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.35114__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:08 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34907__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.35169__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.35045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.35090__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.35020__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.35168__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.35044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34921__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.35137__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2589.35085__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.35014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.35069__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34923__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:07 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.35012__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.35019__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.35066__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/06/28 17:48:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/06/28 17:48:06 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007/06/28 17:48:05 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/06/28 17:47:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.35208__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/06/28 17:47:55 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34870__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/06/28 17:47:55 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.35160__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/06/28 17:47:55 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34837__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/06/28 17:47:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.35158__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/06/28 17:47:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/06/28 17:47:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34848__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/06/28 17:47:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34838__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/06/28 17:47:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34836__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/06/28 17:47:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/06/28 17:47:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.35160__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/03/29 14:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 13:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/02/02 17:01:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/12/20 04:16:04 | 000,073,728 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2006/10/26 17:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 15:32:55 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/13 10:36:32 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2010/01/18 05:59:28 | 000,192,768 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2010/01/18 05:59:20 | 000,150,272 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/04/11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/05 21:45:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008/01/19 08:33:40 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 13:36:35 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
DRV - [2013/05/08 22:16:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/01/31 10:50:58 | 000,022,656 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/10/11 04:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/06 13:11:12 | 000,035,008 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/05 11:09:08 | 000,051,480 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/03/05 11:09:00 | 000,013,032 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/03/05 11:08:58 | 000,012,600 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/03/05 11:08:56 | 000,109,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/12 17:42:54 | 000,252,928 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/12/17 23:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:42:58 | 000,024,576 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/29 13:00:52 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/19 22:17:36 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/02/17 13:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 13:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/10 22:33:39 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/07/31 19:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/04/10 23:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/02 17:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/13 12:10:18 | 000,030,656 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\System32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2006/11/02 09:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 12:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/11/03 18:14:36 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2004/11/03 18:14:36 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus)
DRV - [2004/07/16 16:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sonyhcb.sys -- (sonyhcb)
DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {8E02D41C-5924-4816-9490-33CCD28BEB72}
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9F536F17-19AC-43C6-AAE3-0D44B531B5BC}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/10 13:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/05 08:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/05/10 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]

[2010/03/18 19:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions
[2009/01/15 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/03/18 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/06 12:59:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cslconnect.com ([cslvpn] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553547600} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70308F02-798D-4916-8232-B3B115A8F3D4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/12 11:59:21 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\OTL fix
[2013/05/09 21:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/09 21:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/09 20:54:54 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{75B79B04-1CC2-48E2-BDFE-607F99AFC55B}
[2013/05/09 07:23:05 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{B3B5D0EF-6FBE-40CA-A4A7-65467DA14B0B}
[2013/05/08 22:15:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/05/08 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{5DBDC8C7-F1C4-4376-9275-4064F5BF7E34}
[2013/05/07 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\MicroVision Applications
[2013/05/07 19:45:41 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{B1E17FE6-3F16-4E44-9C7D-0ACC8C4EFB00}
[2013/05/07 19:21:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Sony
[2013/05/07 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/05/07 18:37:17 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\Jess Wedding Music
[2013/05/07 16:46:07 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/05/07 16:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/05/07 16:03:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/07 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\vlc
[2013/05/07 15:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/07 15:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/05/07 07:45:30 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{12FC7E38-10B8-469F-BB79-62C948A82FC5}
[2013/05/06 21:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 13:14:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/06 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\temp
[2013/05/06 10:07:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/06 10:07:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/06 10:07:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/06 10:04:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/05/06 10:03:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/06 09:15:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{CB6AB4E8-DF70-4263-A83B-D1BBD563B3AF}
[2013/05/02 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{886EB09B-28FB-4D5A-80EA-52833FD269D5}
[2013/04/29 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Morley-IAS by Honeywell
[2013/04/29 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{D6BB5D0F-9149-4BE7-BFF9-1528D83F040E}
[2013/04/25 13:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB2.0 UVC PC Camera
[2013/04/25 13:36:32 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\UVC
[2013/04/25 13:35:37 | 000,000,000 | ---D | C] -- C:\Windows\VMUVC
[2013/04/25 13:32:18 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\vvftUVC.sys
[2013/04/25 13:32:11 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\vvftUVC.ax
[2013/04/25 13:32:11 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\Windows\System32\VvFtCtrl.dll
[2013/04/25 13:31:22 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMUVC.dll
[2013/04/25 13:31:18 | 000,516,096 | ---- | C] (vimicro) -- C:\Windows\System32\VMUVC.ax
[2013/04/25 13:31:17 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\exvmuvc.ax
[2013/04/25 13:31:16 | 000,252,928 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMUVC.sys
[2013/04/25 13:31:16 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMCtrl.ax
[2013/04/25 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
[2013/04/25 12:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texecom
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Texecom
[2013/04/22 18:31:22 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Cisco
[2013/04/22 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/04/22 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2013/04/22 18:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2013/04/18 15:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/15 14:04:23 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{18EBBA12-8CF0-49D7-A2D3-6843C8E357B7}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/12 12:15:08 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/12 12:00:24 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Embedded Security Backup Schedule.job
[2013/05/12 12:00:23 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job
[2013/05/12 11:55:46 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/12 11:54:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/12 11:54:01 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 11:54:00 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 11:52:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/10 13:49:37 | 000,001,426 | ---- | M] () -- C:\Users\Ed\Desktop\DivX Movies.lnk
[2013/05/10 13:49:02 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/10 13:48:02 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/10 13:42:03 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/10 13:40:24 | 000,716,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/10 13:40:24 | 000,148,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/10 13:33:57 | 3086,278,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/10 13:31:45 | 000,012,780 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/09 21:06:51 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/08 22:16:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/05/07 19:49:52 | 000,071,432 | ---- | M] () -- C:\Users\Ed\Documents\Life House - Everything 1st Dance.mp3.sfk
[2013/05/07 19:35:38 | 000,002,396 | ---- | M] () -- C:\Users\Ed\Documents\Register Sound Forge Pro.htm
[2013/05/07 19:22:02 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2013/05/07 18:32:10 | 000,013,734 | ---- | M] () -- C:\Users\Ed\Documents\SONY.Sound.Forge.Pro.10.Build.507.(patch-keygen.DI).torrent
[2013/05/07 18:09:08 | 000,002,384 | ---- | M] () -- C:\Users\Ed\Documents\Activate MP3 Plug-In.htm
[2013/05/07 17:54:23 | 000,072,272 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfk
[2013/05/07 17:54:12 | 005,867,520 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg
[2013/05/07 17:54:12 | 000,000,032 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfl
[2013/05/07 15:41:30 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 12:59:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/06 10:20:36 | 000,000,566 | ---- | M] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/03 14:15:50 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/05/01 16:53:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/01 14:56:07 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/05/01 14:09:54 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/25 12:22:42 | 001,785,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/24 16:46:13 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | M] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/23 07:36:55 | 000,001,995 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | M] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[2013/04/18 15:48:52 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/10 13:49:02 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/10 13:48:02 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/10 13:42:03 | 000,000,000 | ---- | C] () -- C:\END
[2013/05/07 19:48:46 | 000,071,432 | ---- | C] () -- C:\Users\Ed\Documents\Life House - Everything 1st Dance.mp3.sfk
[2013/05/07 19:27:52 | 000,002,396 | ---- | C] () -- C:\Users\Ed\Documents\Register Sound Forge Pro.htm
[2013/05/07 19:22:02 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2013/05/07 18:32:10 | 000,013,734 | ---- | C] () -- C:\Users\Ed\Documents\SONY.Sound.Forge.Pro.10.Build.507.(patch-keygen.DI).torrent
[2013/05/07 17:54:12 | 000,072,272 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfk
[2013/05/07 17:54:12 | 000,000,032 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfl
[2013/05/07 17:54:06 | 005,867,520 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg
[2013/05/07 17:29:26 | 000,002,384 | ---- | C] () -- C:\Users\Ed\Documents\Activate MP3 Plug-In.htm
[2013/05/07 16:48:36 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/07 15:41:30 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/06 10:20:36 | 000,000,566 | ---- | C] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/06 10:07:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/06 10:07:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/06 10:07:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/06 10:07:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/06 10:07:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/01 17:01:26 | 3086,278,656 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/29 17:43:18 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/04/29 17:40:28 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/24 16:46:13 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | C] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | C] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[2013/04/18 15:34:45 | 000,001,995 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/18 15:34:45 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/12 13:52:10 | 000,000,680 | ---- | C] () -- C:\Users\Ed\AppData\Local\d3d9caps.dat
[2012/08/30 23:16:16 | 000,027,520 | ---- | C] () -- C:\Users\Ed\AppData\Local\dt.dat
[2011/10/11 13:23:25 | 000,406,016 | ---- | C] () -- C:\Windows\System32\PSDrvCheck.exe
[2011/10/07 17:23:24 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2010/09/10 00:11:57 | 000,000,000 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\chrtmp
[2010/09/10 00:11:10 | 000,053,760 | --S- | C] () -- C:\Users\Ed\java_JRE_6_4_5_4.exe
[2010/07/23 00:11:17 | 000,000,459 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\plugins.xml
[2009/05/19 00:30:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG1
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG0
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.X02
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.DB
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG1
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG0
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.Y02
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.PX
[2008/09/23 09:21:34 | 000,000,777 | ---- | C] () -- C:\Users\Ed\Comms.VAL
[2008/02/16 00:08:33 | 000,105,984 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/11/23 21:31:23 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ALK Technologies
[2012/10/15 17:48:25 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\AVG2013
[2009/12/28 12:00:08 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\AVG9
[2008/09/26 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/18 01:12:35 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Credential Manager
[2013/05/12 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Dropbox
[2008/02/12 22:53:42 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Hewlett Packard
[2011/12/25 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\HTC
[2008/02/12 22:52:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Infineon
[2008/04/29 18:40:02 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\InterVideo
[2010/09/10 00:11:17 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\JAVAUpdate9
[2008/04/24 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Jeyo
[2012/11/23 02:39:24 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ManyCam
[2011/06/13 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Maxtor Quick Start
[2011/03/25 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Opera
[2010/09/21 19:46:00 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\PandoraRecovery
[2013/05/07 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Publish Providers
[2008/02/16 00:55:43 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\SampleView
[2013/05/07 19:36:20 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Sony
[2009/11/28 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Teleca
[2011/10/25 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Thunderbird
[2009/01/15 21:18:48 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\TomTom
[2009/09/03 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Trusteer
[2013/05/08 22:06:20 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\uTorrent
[2010/11/25 19:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Windows Live Writer
[2008/02/12 23:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

[tom982]

Hi Ed,

Please download to your desktopShortcut cleaner
Then run.

When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.
Please post that log.

aswMBR

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1

• Right-click on aswMBR.exe and select Run as Administrator.
• Click Yes when asked to download the Avast! definitions.
• Click Scan to initiate the scan.
• When the scan finishes, click Save Log and save this to your Desktop.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

OTL Fix

• Run OTL.
• Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
  
  
  

  :OTL
  O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
  
  :Commands
  [EMPTYTEMP]

• Click the Run Fix button.
• After your computer has rebooted, run OTL and click Quick Scan.
• Copy and paste the contents of the log that it produces into your next post.

Tom