Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Think I got malware (flexify.exe)


  • Please log in to reply

#1
Lexy610

Lexy610

    Member

  • Member
  • PipPipPip
  • 743 posts

The other day my computer started acting up ... I turned it on and got this ..

 

IMG_0508.JPG

 

After freaking out and staring at my monitor for like 10 minutes I decided to click on F2 and went to the boot sequence .. I noticed that it was changed and they all said "not present" EXCEPT the one that said "Onboard or USB CD-ROM drives" so i clicked on that one and moved it up to the top, saved and rebooted ...

 

It started up a bit shaky but it started .. I then proceeded to surf the web and do some stuff to see how it would perform .. that wasn't good .. I then got this

 

IMG_0506.JPG

 

I got a blue screen didn't take a screen shot of that one because at this point I was hyperventilating that instructed me to do a full scan on next restart to check all drives and files .. after it was done it found something and it asked me to fix it all with all other options so i clicked on "fix it all"

 

I did a hard shut down and got this screen again ...

 

IMG_0508.JPG

 

So I was able to change it again to where I can put my "Onboard SATA hard Drive" (which before said not present), saved and restarted .. started up smoothly

 

I then ran my avast and it found this "keygen for flexify.exe" and then had avast fix ... then ran malwarebytes and it found nothing.

 

After using it for a bit i got the blue screen with this

 

IMG_0507.JPG

 

I think this was the sequence of events and i hope this is helpful to anyone who can help me.

 

I use this computer for work and my life depends on this computer!

 

Any help will be greatly appreciated!

 

 

 

 

 

 

 

 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Doesn't look like a virus to me.  More likely your hard drive is failing.  Are you able to boot now?  If so:

 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  
 
Close all browsers and open progrms before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.

  • 0

#3
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

Attached File  LEXY.txt   63.37KB   480 downloads


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Following hard drive errors are shown in Speccy:
Even tho they say Status Good they are not.  Normally the raw values would be 0 on a good drive.  The one in red is really bad.  Over 1200 sectors are so bad that they can not be read and have been blocked from use.  I think your drive is dying and you need to get a second drive and clone the old drive to it before its too late.  
 
Attribute name Read Error Rate
Real value 0
Current 100
Worst 99
Threshold 6
Raw Value 00000F9DC8
Status Good
03
 
Attribute name Reallocated Sectors Count
Real value 1,128
Current 97
Worst 97
Threshold 36
Raw Value 0000000468
Status Good
07
Attribute name Seek Error Rate
Real value 0
Current 68
Worst 57
Threshold 30
Raw Value 00123F1601
Status Good
09
 
Attribute name Command Timeout
Real value 47,245,361,164
Current 100
Worst 99
Threshold 0
Raw Value 00000B000C
Status Good
 
 Is this one still under warranty?
 
Any 3.5 in 500 GB or bigger  SATA drive will work but the faster ones will have at least 7200 RPM and 16 MB cache.   Next time get a Western Digital drive.  They seem to last longer than Seagate. 
 
Since you think you might be infected you can go ahead and:
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • click on the Addition.txt box. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     
    Download OTL from
    and Save it to your desktop.
     
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.
     

    • 0

    #5
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    OMG! Again? This drive isnt too old .. I did replace my drive and cloned my old one. You guys helped me do it here! :(

     

    Do we know why this has happened again?

     

    Have I lost anything? This is my work computer I use from home and have lots of things on it :(


    • 0

    #6
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    # AdwCleaner v4.112 - Logfile created 17/03/2015 at 00:45:17
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-15.1 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : User - LEXY
    # Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Driver Mender
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\driver whiz
    Folder Deleted : C:\Program Files\SavingsbullFilter
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
    Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Zynga
    Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Bundled software uninstaller
    Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Innovative Solutions
    Folder Deleted : C:\Documents and Settings\User\Application Data\Uniblue
    Folder Deleted : C:\Documents and Settings\User\My Documents\smart pc cleaner
    Folder Deleted : C:\Documents and Settings\User\My Documents\Updater
    File Deleted : C:\END
    File Deleted : C:\WINDOWS\Downloaded Program Files\popcaploader.inf
    File Deleted : C:\WINDOWS\system32\drivers\netfilter.sys
    File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
    File Deleted : C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\0rctxfey.default\invalidprefs.js
    File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\user.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\522dad1e769ef43
    Key Deleted : HKLM\SOFTWARE\522dad1e769ef43
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\DriverTuner_Init
    Key Deleted : HKCU\Software\DriverTuner
    Key Deleted : HKLM\SOFTWARE\AskBarDis
    Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
    Key Deleted : HKLM\SOFTWARE\Driver-Soft
    Key Deleted : HKLM\SOFTWARE\ImInstaller
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RrSavings
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Smart PC Cleaner_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v37.0 (x86 en-US)

    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchCaption", "Zynga Customized Web Search");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchEngineBeforeUnload", "Delta Search");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2438727&SearchSource=13");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"779f824b4d5cb3fc5c88fbd97dd007a83\"");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/US", "\"0\"");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\"");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=CT2438727", "wA6T9QDAvwy1IiyXp8em5g==");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT2438727", "GNmdGrr6syWWiO5HPrW6Kg==");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=CT2438727", "cXFd0kFV8INnOFPKwsl3Yw==");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT2438727", "inm6N6Ad2DrQKGUsOGzkLg==");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=CT2438727", "jboT93NlROUgL9VHH05h7Q==");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT2438727", "6nU8AIjBECdJeC23UVuipQ==");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=CT2438727", "1+CYRq0xISvO8ijrzS05oQ==");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT2438727", "Y3Dtc1pIAMMkuUpvgoTeaw==");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:1694\"");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:1694\"");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"dbe4460d95840339477519b3f77dc11a\"");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"5b02faa969d7eb612666c4fc9456833b\"");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Guest\\Application Data\\Mozilla\\Firefox\\Profiles\\0rctxfey.default\\conduitCommon\\modules\\3.18.0.7");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2438727");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "5e2f87f1-cc7c-49b5-94da-00dd48f60b7d");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 17 2013 17:19:10 GMT-0400 (Eastern Standard Time)");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri May 10 2013 19:59:55 GMT-0400 (Eastern Standard Time)");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jun 17 2013 17:19:10 GMT-0400 (Eastern Standard Time)");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "ec8120e5-54b1-4814-89b3-3b18e9365cb5");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Delta Search");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Delta Search");
    [0rctxfey.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");

    *************************

    AdwCleaner[R0].txt - [16265 bytes] - [17/03/2015 00:30:30]
    AdwCleaner[S0].txt - [16830 bytes] - [17/03/2015 00:45:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16890  bytes] ##########
     


    • 0

    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    I'm thinking Seagate is having quality control problems.  Your drive didn't look that old which is why I asked if it is still under warranty.  Isn't there a 2 year warranty with Seagate drives?

     

    Can't tell if you have lost anything.  We can run a disk check and SFC and see if most of the windows files are still there:

     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.

    • 0

    #8
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.4 (03.16.2015:1)
    OS: Microsoft Windows XP x86
    Ran by User on Tue 03/17/2015 at  0:59:46.22
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pcdr"
    Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\pcdr"



    ~~~ FireFox

    Emptied folder: C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\pt96kby9.default-1369614150234\minidumps [2 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 03/17/2015 at  1:09:41.99
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    • 0

    #9
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
    Ran by User (administrator) on LEXY on 17-03-2015 03:18:05
    Running from C:\Documents and Settings\User\Desktop
    Loaded Profiles: User (Available profiles: User & Administrator & Guest)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Conexant Systems, Inc.) C:\WINDOWS\system32\PRISMSVR.exe
    (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    (HP) C:\WINDOWS\system32\HPZipm12.exe
    (Conexant Systems, Inc.) C:\WINDOWS\system32\PRISMSVC.exe
    () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    () C:\WINDOWS\system32\PSIService.exe
    (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2010-03-18] (Creative Technology Ltd)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
    Winlogon\Notify\PRISMAPI.DLL: C:\WINDOWS\system32\PRISMAPI.DLL (Conexant Systems, Inc.)
    HKU\S-1-5-21-606747145-117609710-839522115-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\User\Local Settings\Apps\2.0\GLODYH45.LZJ\9PTZC5LD.W03\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-16] (Dell)
    HKU\S-1-5-21-606747145-117609710-839522115-1003\...\Run: [BlackBerryLink.exe] => "C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
    Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 5530 series.lnk
    ShortcutTarget: Monitor Ink Alerts - HP ENVY 5530 series.lnk -> C:\Program Files\HP\HP ENVY 5530 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-606747145-117609710-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-606747145-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-606747145-117609710-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-06] (AVAST Software)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2014-11-19] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab
    DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinn...mines/mines.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab
    DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab
    DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1044
    DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinn...gsaw/jigsaw.cab
    DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229566731421
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab
    DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab
    DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab
    DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
    DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab
    DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab
    DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-10-23] (Hewlett-Packard Company)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll [2008-02-20] (DivX,Inc.)
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-12-27] (DivX, LLC)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @soe.sony.com/installer,version=1.0.3 -> C:\WINDOWS\Downloaded Program Files\CONFLICT.2\npsoe.dll [2010-09-30] ()
    FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-606747145-117609710-839522115-1003: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-24] (Apple Inc.)
    FF Extension: Diccionario de Español/España - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\Extensions\[email protected] [2014-06-13]
    FF Extension: Diccionario en Español para Venezuela - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\Extensions\[email protected] [2013-06-28]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
    FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-05]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
    R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
    S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-07-16] (Adobe Systems) [File not signed]
    R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software)
    S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-06] (Creative Labs) [File not signed]
    S3 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2014-06-12] (Creative Labs) [File not signed]
    R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
    R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
    S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [61529 2006-10-12] (Conexant Systems, Inc.) [File not signed]
    R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
    R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
    R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [431384 2008-06-24] (Seagate)
    S2 hpdj; C:\DOCUME~1\User\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product= [X]
    S3 upnphost; %SystemRoot%\System32\upnphost.dll [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2006-10-26] (Meetinghouse Data Communications) [File not signed]
    R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-06] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-06] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-06] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-06] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-06] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-06] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-06] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-06] ()
    R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
    R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
    S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
    R3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
    S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
    R3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
    S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd)
    S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd) [File not signed]
    S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
    S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
    S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.) [File not signed]
    S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
    R3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
    R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
    R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
    R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [798808 2010-03-18] (Creative Technology Ltd)
    R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162904 2010-03-18] (Creative Technology Ltd)
    S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189528 2010-03-18] (Creative Technology Ltd)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
    R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
    R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [618880 2006-03-02] (Intel Corporation)
    R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
    R0 MxEFUF; C:\WINDOWS\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [18856 2007-08-31] (Microsoft Corporation)
    S3 qcserxp; C:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
    S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb.sys [68096 2013-12-02] (BlackBerry Limited)
    S3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis.sys [12800 2014-06-23] (Research in Motion Limited)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    S3 SQTECH905C; C:\WINDOWS\System32\Drivers\Capt905c.sys [37760 2007-05-18] (Service & Quality Technology.) [File not signed]
    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
    R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2012-07-21] (Acronis)
    R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2012-07-21] (Acronis)
    S3 bvrp_pci; No ImagePath
    S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
    S3 cpuz132; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
    S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
    S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
    S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S2 zumbus; system32\DRIVERS\zumbus.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-17 03:17 - 2015-03-17 03:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
    2015-03-17 01:09 - 2015-03-17 01:09 - 00000988 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
    2015-03-17 00:30 - 2015-03-17 00:45 - 00000000 ____D () C:\AdwCleaner
    2015-03-17 00:29 - 2015-03-17 00:29 - 01388737 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
    2015-03-17 00:25 - 2015-03-17 00:25 - 02171392 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
    2015-03-16 18:46 - 2015-03-16 18:48 - 00064895 _____ () C:\Documents and Settings\User\Desktop\LEXY.txt
    2015-03-14 00:04 - 2015-03-14 00:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-10 16:19 - 2015-03-10 16:19 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    2015-03-10 16:19 - 2015-03-10 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    2015-03-10 16:17 - 2015-03-10 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-03-10 16:17 - 2015-03-10 16:17 - 00000000 ____D () C:\Program Files\iPod
    2015-02-16 21:59 - 2015-02-16 21:59 - 00000323 _____ () C:\Documents and Settings\User\Desktop\HP Printer Diagnostic Tools.url
    2015-02-16 21:50 - 2015-02-16 21:50 - 00000278 _____ () C:\Documents and Settings\User\Desktop\HP Printing Software.url
    2015-02-16 21:40 - 2015-02-16 21:40 - 00001742 _____ () C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
    2015-02-16 21:40 - 2015-02-16 21:40 - 00000000 ____D () C:\Program Files\HP Photo Creations
    2015-02-16 21:40 - 2015-02-16 21:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Visan
    2015-02-16 21:40 - 2015-02-16 21:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP Photo Creations
    2015-02-16 21:39 - 2015-02-16 21:59 - 00000000 ____D () C:\Documents and Settings\User\Application Data\HpUpdate
    2015-02-16 21:39 - 2015-02-16 21:39 - 00001921 _____ () C:\Documents and Settings\All Users\Desktop\HP ENVY 5530 series.lnk
    2015-02-16 21:39 - 2015-02-16 21:39 - 00000883 _____ () C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP ENVY 5530 series.lnk
    2015-02-16 21:39 - 2014-07-21 16:33 - 00597512 ____N (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\HPDiscoPMC311.dll
    2015-02-16 21:39 - 2012-12-15 20:34 - 02525368 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrv_EN5530.dll
    2015-02-16 21:39 - 2012-12-15 20:34 - 00417464 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia1_EN5530.dll
    2015-02-16 21:38 - 2015-02-16 21:38 - 00000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
    2015-02-16 21:38 - 2012-12-15 20:34 - 00536760 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsC311.dll
    2015-02-16 21:38 - 2012-12-15 20:34 - 00271032 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsC311LM.dll
    2015-02-16 21:38 - 2012-12-15 20:34 - 00222904 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoiC311.dll
    2015-02-16 21:38 - 2012-12-15 18:45 - 02220216 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkinsC311.exe
    2015-02-16 21:34 - 2015-02-16 21:34 - 05197824 _____ () C:\Documents and Settings\User\Desktop\HPSupportSolutionsFramework-en-11.51.0048.msi
    2015-02-16 21:34 - 2015-02-16 21:34 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Hewlett-Packard

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-17 03:18 - 2014-05-14 00:06 - 00024432 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
    2015-03-17 03:18 - 2014-05-08 10:09 - 00000000 ____D () C:\FRST
    2015-03-17 03:18 - 2007-12-20 12:44 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
    2015-03-17 02:55 - 2012-08-22 11:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-03-17 01:35 - 2013-11-05 12:11 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-03-17 00:52 - 2008-12-31 05:06 - 01173425 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-03-17 00:50 - 2013-12-02 23:10 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\HTC MediaHub
    2015-03-17 00:50 - 2007-12-30 19:38 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2015-03-17 00:50 - 2007-12-30 19:38 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-03-17 00:50 - 2007-12-20 12:33 - 00000000 ____D () C:\WINDOWS\Registration
    2015-03-17 00:48 - 2012-07-22 16:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-03-17 00:48 - 2007-12-20 12:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-03-17 00:46 - 2014-12-12 03:46 - 02900256 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-03-17 00:46 - 2007-12-20 12:44 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
    2015-03-17 00:46 - 2007-12-20 12:43 - 00032538 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-03-17 00:43 - 2014-05-13 20:57 - 01135104 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
    2015-03-16 18:44 - 2014-05-14 19:36 - 00670033 _____ () C:\WINDOWS\setupapi.log
    2015-03-16 17:23 - 2014-09-15 01:44 - 00000000 ____D () C:\Documents and Settings\User\My Documents\SSL Salesian Papers
    2015-03-16 16:02 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-03-14 20:51 - 2014-07-06 02:33 - 04935328 ____N () C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20061102}.BAK
    2015-03-14 20:51 - 2014-07-06 02:32 - 04935328 _____ () C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20061102}.CDF
    2015-03-13 01:51 - 2008-01-09 00:21 - 00374294 __SHC () C:\Documents and Settings\User\Desktop\Thumbs.db
    2015-03-13 01:38 - 2007-12-26 22:39 - 03100672 ___SH () C:\Documents and Settings\User\My Documents\Thumbs.db
    2015-03-12 23:07 - 2014-05-14 00:59 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Email Attachments
    2015-03-11 02:38 - 2014-06-29 15:49 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-03-11 00:57 - 2007-12-20 12:44 - 00001599 _____ () C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
    2015-03-10 23:04 - 2008-01-02 09:32 - 00001599 ____C () C:\Documents and Settings\Guest\Start Menu\Programs\Remote Assistance.lnk
    2015-03-10 23:03 - 2007-12-20 12:36 - 00001599 ____C () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
    2015-03-10 23:03 - 2007-12-20 12:36 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    2015-03-10 23:03 - 2007-12-20 12:36 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
    2015-03-10 22:44 - 2009-01-04 16:31 - 00001599 ____C () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
    2015-03-10 22:22 - 2013-08-14 02:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-03-10 21:59 - 2007-12-20 15:07 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-03-10 16:19 - 2010-09-04 16:49 - 00000000 ____D () C:\Program Files\iTunes
    2015-03-10 16:17 - 2007-12-22 18:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-03-08 15:04 - 2007-12-20 07:28 - 00621030 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-03-08 15:00 - 2014-05-17 01:18 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-03-02 21:00 - 2009-07-23 13:30 - 00152800 ____C () C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
    2015-02-17 22:10 - 2007-12-20 07:27 - 00425408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-02-16 22:11 - 2008-02-19 13:22 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\HP
    2015-02-16 21:40 - 2008-02-18 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
    2015-02-16 21:40 - 2007-12-29 22:57 - 00000000 ____D () C:\Program Files\Hewlett-Packard
    2015-02-16 21:39 - 2008-02-18 21:16 - 00000000 ____D () C:\Program Files\HP
    2015-02-16 21:38 - 2008-02-18 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP
    2015-02-16 21:38 - 2007-12-20 07:20 - 00000000 ____D () C:\WINDOWS\twain_32
    2015-02-16 21:34 - 2007-12-20 14:51 - 00152800 _____ () C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2011-03-02 11:21 - 2011-03-02 11:21 - 0002528 ____C () C:\Documents and Settings\User\Application Data\$_hpcst$.hpc
    2010-09-14 18:13 - 2010-12-04 01:20 - 0000965 ____C () C:\Documents and Settings\User\Application Data\BBMS_EXCEPTION.txt
    2014-12-12 02:12 - 2014-12-12 02:47 - 0000077 _____ () C:\Documents and Settings\User\Application Data\Rim.Desktop.Exception.log
    2014-12-12 02:10 - 2014-12-12 03:19 - 0001925 _____ () C:\Documents and Settings\User\Application Data\Rim.Desktop.HttpServerSetup.log
    2014-12-12 02:12 - 2014-12-12 02:47 - 0000077 _____ () C:\Documents and Settings\User\Application Data\Rim.DesktopHelper.Exception.log
    2011-08-18 13:08 - 2011-08-18 13:08 - 0206473 ____C () C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
    2011-08-18 13:09 - 2011-08-18 13:09 - 0223067 ____C () C:\Documents and Settings\User\Local Settings\Application Data\census.cache
    2007-12-22 22:58 - 2014-12-26 23:56 - 0203776 ____C () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2007-12-20 12:47 - 2007-12-20 12:47 - 0000127 ____C () C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
    2011-02-01 10:46 - 2011-02-01 10:46 - 0000036 ____C () C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
    2007-07-13 14:36 - 2007-07-13 14:36 - 0220184 ____C ( ) C:\Documents and Settings\User\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
    2014-07-14 16:59 - 2014-07-14 17:06 - 0000191 _____ () C:\Documents and Settings\User\Local Settings\Application Data\rbxcsettings.rbx
    2005-12-13 17:12 - 2005-12-13 17:12 - 0016384 ____C (Microsoft Corporation) C:\Documents and Settings\User\Local Settings\Application Data\stdole.dll

    Some content of TEMP:
    ====================
    C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\User\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================


    • 0

    #10
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
    Ran by User at 2015-03-17 03:19:47
    Running from C:\Documents and Settings\User\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    20/20 v2.2 (HKLM\...\20/20 v2.2) (Version:  - )
    6300 (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    6300_Help (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    6300Trb (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
    Adobe Connect 9 Add-in (HKU\S-1-5-21-606747145-117609710-839522115-1003\...\Adobe Connect 9 Add-in) (Version: 11,9,971,247 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
    Ahead Nero Burning ROM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
    Ahead NeroMediaPlayer (HKLM\...\NMPUninstallKey) (Version:  - )
    AiO_Scan_CDA (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    AiOSoftwareNPI (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    Alien Skin Eye Candy 5 Impact (HKLM\...\EyeCandy5Impact) (Version:  - )
    Alien Skin Eye Candy 5 Nature (HKLM\...\EyeCandy5Nature) (Version:  - )
    Alien Skin Eye Candy 5 Textures (HKLM\...\EyeCandy5Textures) (Version:  - )
    AMD Catalyst Install Manager (HKLM\...\{D58AFD19-6736-A938-154A-EABEA741D2CC}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5183 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.23-060209a1-030546C-Dell - )
    Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.2.1.0 - Auslogics Labs Pty Ltd)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CleanUp! (HKLM\...\CleanUp!) (Version:  - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Contents (Version: 1.6.1.109 - Corel Corporation) Hidden
    Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
    Corel PaintShop Photo Pro X3 (HKLM\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.109 - Corel Corporation)
    Corel PaintShop Photo Pro X3 (Version: 1.00.0000 - Corel Corporation) Hidden
    CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Creative Audio Console (HKLM\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
    Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative MediaSource DVD-Audio Player (HKLM\...\Creative MediaSource DVD-Audio Player) (Version:  - )
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
    CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DB CIF Cam (HKLM\...\{83d96ed0-98aa-4515-8ddc-816f3efdd104}) (Version: 1.0 - My Company Name)
    Dell Driver Download Manager (HKU\S-1-5-21-606747145-117609710-839522115-1003\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
    Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
    Dell System Detect (HKU\S-1-5-21-606747145-117609710-839522115-1003\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
    Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    DeviceIO (Version: 1.6.1.109 - Corel Corporation) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
    DivX Content Uploader (HKLM\...\{D050D7362D214723AD585B541FFB6C11}) (Version: 1.2.1 - DivX, Inc.)
    DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.6.0 - DivX, Inc.)
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
    DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DocumentViewer (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
    ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Evernote v. 5.7.2 (HKLM\...\{FB57263E-706F-11E4-A65F-00163E98E7D6}) (Version: 5.7.2.5753 - Evernote Corp.)
    Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version:  - )
    Facebook Plug-In (HKU\S-1-5-21-606747145-117609710-839522115-1003\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
    Fax_CDA (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    FileZilla Client 3.7.3 (HKLM\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
    FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
    HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
    hp deskjet 5100 (HKLM\...\{15C165F1-1DAE-4476-AFB6-8723729B41E7}) (Version: 1.03.0000 - Hewlett-Packard)
    HP Document Viewer 7.0 (HKLM\...\HP Document Viewer) (Version: 7.0 - HP)
    HP ENVY 5530 series Basic Device Software (HKLM\...\{5EBC9F1B-F969-4CF9-A616-F6BDDD46042B}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP ENVY 5530 series Help (HKLM\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
    HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
    HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
    HP Photo and Imaging 2.0 - Deskjet Series (HKLM\...\{E0828692-FD9D-459F-9312-C645C3CA6650}) (Version: 2.00.0000 - {&Tahoma8}Hewlett-Packard)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
    HP Photosmart, Officejet and Deskjet 7.0.A (HKLM\...\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}) (Version:  - HP)
    hp print screen utility (HKLM\...\hp print screen utility) (Version:  - )
    HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
    HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
    HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
    HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
    ICA (Version: 1.6.1.109 - Corel Corporation) Hidden
    IncrediMail (Version: 6.3.9.5274 - IncrediMail) Hidden
    IncrediMail 2.0 (HKLM\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.)
    IncrediMail Data Manager (HKLM\...\IncrediMail Data Manager) (Version: 1.15 - Silent Wings Software)
    InstantShareAlert (Version: 1.00.0000 - HP) Hidden
    InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Intel® 537EP V9x DF PCI Modem (HKLM\...\Intel® 537EP V9x DF PCI Modem) (Version:  - )
    Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
    Intel® Viiv™ (HKLM\...\{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}) (Version: 1.0.1.2012 - Intel Corporation)
    iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
    IPM_PSP_Pro (Version: 1.00.0000 - Corel Corporation) Hidden
    IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
    Jasc Animation Shop 3 (HKLM\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
    Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
    Kai's Power Tools 5 (HKLM\...\Kai's Power Tools 5) (Version:  - )
    Kies mini (HKLM\...\InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
    Kies mini (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
    KPT 6 (HKLM\...\KPT 6) (Version:  - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Memeo AutoBackup (HKU\S-1-5-21-606747145-117609710-839522115-1003\...\InstallShield_{6BCEB97B-F315-455D-BC2D-565A1A6781E8}) (Version: 2.50.1938 - Memeo)
    Memeo AutoBackup (Version: 2.50.1938 - Memeo) Hidden
    Memeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
    Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Drivers Download Utility 3.4.4 (HKLM\...\{8570C6C9-4FD4-4306-8B57-D31A622E3E03}_is1) (Version: 3.4.4 - LionSea Software)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MLE (Version: 1.0.0.23 - Corel Corporation) Hidden
    MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
    Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
    Modem On Hold (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 1.12 - BVRP Software, Inc)
    Mozilla Firefox 37.0 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version:  - )
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    NewCopy_CDA (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
    Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
    PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Photo Notifier and Animation Creator (HKLM\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
    PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    PhotoMail Maker (HKLM\...\PhotoMail) (Version: 6.0.0.1007 - IncrediMail Ltd.)
    PhotoMail Maker (Version: 6.0.0.1007 - IncrediMail) Hidden
    ProductContextNPI (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    PSPH10Pro (Version: 1.00.0000 - Corel Corporation) Hidden
    PSPPContent (Version: 1.00.0000 - Corel Corporation) Hidden
    PSPPRO_DCRAW (Version: 13.0.0 - Corel Corporation) Hidden
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Readme (Version: 71.0.215.000 - Hewlett-Packard) Hidden
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5377 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Scan (Version: 7.0.0.0 - Hewlett-Packard) Hidden
    ScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) Hidden
    Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
    Seagate DiscWizard (HKLM\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8142 - Seagate)
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Setup (Version: 1.6.1.109 - Corel Corporation) Hidden
    Share (Version: 1.6.1.109 - Corel Corporation) Hidden
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
    SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Sound Blaster Audigy ADVANCED MB Demo (HKLM\...\CTMBDemo) (Version:  - )
    Sound Blaster for Media Center (HKLM\...\Sound Blaster for Media Center) (Version:  - )
    Splat! 1.0 (HKLM\...\Splat) (Version:  - )
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    SweetIM Toolbar for Internet Explorer 3.2 (HKLM\...\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}) (Version: 3.2.0002 - SweetIM Technologies Ltd.) <==== ATTENTION
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
    USB 2.0 Wireless LAN Card Utility (HKLM\...\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}) (Version: 8.1.55 - Dell Inc.)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VIO (Version: 1.6.1.109 - Corel Corporation) Hidden
    virtualPhotographer 1.5.6 (HKLM\...\virtualPhotographer_is1) (Version:  - optikVerve Labs)
    VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
    Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.59.0 - Verizon)
    WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.2.2013 - BillP Studios)
    WinRAR 5.00 beta 8 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\MP3Writer.dll No File
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\MP4Splitter.ax (Gabest)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\CoreAAC.ax No File
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\MP4Splitter.ax (Gabest)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\CoreAAC.ax No File
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\MP3Encoder.dll No File
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\CoreAAC.ax No File
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\MP4Splitter.ax (Gabest)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Smilebox\MP4Splitter.ax (Gabest)
    CustomCLSID: HKU\S-1-5-21-606747145-117609710-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

    ==================== Restore Points  =========================

    17-12-2014 18:21:32 System Checkpoint
    18-12-2014 19:14:17 System Checkpoint
    19-12-2014 19:39:21 System Checkpoint
    20-12-2014 21:39:48 System Checkpoint
    21-12-2014 22:28:17 System Checkpoint
    23-12-2014 00:25:25 System Checkpoint
    24-12-2014 01:42:44 System Checkpoint
    27-12-2014 16:27:13 System Checkpoint
    28-12-2014 16:43:41 System Checkpoint
    29-12-2014 20:32:14 System Checkpoint
    30-12-2014 21:06:35 System Checkpoint
    01-01-2015 15:11:49 System Checkpoint
    02-01-2015 18:29:54 System Checkpoint
    04-01-2015 16:43:45 System Checkpoint
    05-01-2015 16:44:24 System Checkpoint
    07-01-2015 02:04:15 System Checkpoint
    08-01-2015 05:29:35 System Checkpoint
    09-01-2015 11:54:24 System Checkpoint
    10-01-2015 17:46:12 System Checkpoint
    12-01-2015 00:23:53 System Checkpoint
    13-01-2015 01:18:56 System Checkpoint
    13-01-2015 18:05:21 Software Distribution Service 3.0
    14-01-2015 21:52:13 System Checkpoint
    15-01-2015 22:44:24 System Checkpoint
    16-01-2015 23:33:22 System Checkpoint
    18-01-2015 00:24:52 System Checkpoint
    19-01-2015 01:07:06 System Checkpoint
    20-01-2015 01:28:30 System Checkpoint
    21-01-2015 01:53:36 System Checkpoint
    22-01-2015 01:59:15 System Checkpoint
    25-01-2015 15:12:43 System Checkpoint
    26-01-2015 19:27:59 System Checkpoint
    27-01-2015 19:49:29 System Checkpoint
    28-01-2015 19:55:43 System Checkpoint
    29-01-2015 21:11:05 System Checkpoint
    30-01-2015 21:35:59 System Checkpoint
    01-02-2015 15:58:34 System Checkpoint
    02-02-2015 20:53:42 System Checkpoint
    03-02-2015 22:25:27 System Checkpoint
    04-02-2015 22:29:26 System Checkpoint
    07-02-2015 22:12:49 System Checkpoint
    09-02-2015 17:48:07 System Checkpoint
    10-02-2015 19:19:50 System Checkpoint
    11-02-2015 05:16:40 Software Distribution Service 3.0
    12-02-2015 18:58:41 System Checkpoint
    16-02-2015 21:34:35 Installed HP Support Solutions Framework
    16-02-2015 21:39:45 Removed HPSU306Stub
    16-02-2015 21:59:33 Installed HP Product Assistant
    21-02-2015 00:15:16 System Checkpoint
    23-02-2015 22:45:29 System Checkpoint
    26-02-2015 18:45:08 System Checkpoint
    27-02-2015 20:02:49 System Checkpoint
    02-03-2015 21:37:17 System Checkpoint
    04-03-2015 18:31:52 System Checkpoint
    05-03-2015 18:36:06 System Checkpoint
    06-03-2015 20:20:38 System Checkpoint
    07-03-2015 21:03:55 System Checkpoint
    09-03-2015 01:17:07 System Checkpoint
    10-03-2015 10:57:46 System Checkpoint
    10-03-2015 21:57:31 Software Distribution Service 3.0
    11-03-2015 22:02:11 System Checkpoint
    12-03-2015 22:32:18 System Checkpoint
    14-03-2015 15:55:58 System Checkpoint
    16-03-2015 22:35:58 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-10 07:00 - 2013-10-21 18:39 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-16 16:07 - 2015-03-16 16:07 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031600\algo.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2004-08-10 07:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2004-08-10 07:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-10 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2015-03-13 23:43 - 2015-03-13 23:43 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-06 13:40 - 2014-08-06 13:40 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
    2014-12-18 16:08 - 2014-12-18 16:08 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
    2014-08-06 13:41 - 2014-08-06 13:41 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
    2014-08-06 13:41 - 2014-08-06 13:41 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2014-08-06 13:42 - 2014-08-06 13:42 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
    2014-08-06 13:44 - 2014-08-06 13:44 - 00129376 ____C () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
    2014-08-06 13:46 - 2014-08-06 13:46 - 00223592 ____C () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
    2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-12-18 16:10 - 2014-12-18 16:10 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\WINDOWS\system32\PSIService.exe
    2013-08-07 15:25 - 2013-08-07 15:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4ABA35EE
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-606747145-117609710-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk => C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk => C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk => C:\WINDOWS\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\WINDOWS\pss\Adobe Gamma.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\WINDOWS\pss\EvernoteClipper.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk => C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup
    MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ATIPTA => "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    MSCONFIG\startupreg: CTDVDDET => "C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
    MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
    MSCONFIG\startupreg: CTSVolFE => "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
    MSCONFIG\startupreg: CTZDetec.exe => C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    MSCONFIG\startupreg: DeviceDiscovery => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    MSCONFIG\startupreg: DiscWizardMonitor.exe => C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
    MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
    MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
    MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    MSCONFIG\startupreg: HP Software Update => "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    MSCONFIG\startupreg: IncrediMail => C:\Program Files\IncrediMail\bin\IncMail.exe /c
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: NeroCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
    MSCONFIG\startupreg: SleekBillNot => "C:\Program Files\Sleek Bill\Sleek Bill.exe" /n
    MSCONFIG\startupreg: Standby => "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u
    MSCONFIG\startupreg: WinPatrol => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

    ==================== Accounts: =============================

    Administrator (S-1-5-21-606747145-117609710-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-606747145-117609710-839522115-1004 - Limited - Enabled)
    Guest (S-1-5-21-606747145-117609710-839522115-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
    HelpAssistant (S-1-5-21-606747145-117609710-839522115-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-606747145-117609710-839522115-1002 - Limited - Disabled)
    User (S-1-5-21-606747145-117609710-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

    ==================== Faulty Device Manager Devices =============

    Name: RADEON X300 SE 128MB HyperMemory Secondary
    Description: RADEON X300 SE 128MB HyperMemory Secondary
    Class Guid:  TI Technologies Inc.
    Manufacturer: ATI Technologies Inc.
    Service: ati2mtag
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Parport
    Description: Parport
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: Parport
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Serial
    Description: Serial
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: Serial
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/12/2015 10:42:31 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket -567619152.

    Error: (03/12/2015 10:42:31 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket -567619152.

    Error: (03/12/2015 10:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application IncMail.exe, version 6.3.9.5274, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (03/12/2015 10:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application IncMail.exe, version 6.3.9.5274, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (03/12/2015 06:41:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application imapp.exe, version 6.3.9.5274, faulting module unknown, version 0.0.0.0, fault address 0x00011780.
    Processing media-specific event for [imapp.exe!ws!]

    Error: (02/16/2015 09:59:31 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.

    Error: (02/16/2015 09:59:30 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.

    Error: (02/16/2015 09:59:26 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.

    Error: (02/16/2015 09:59:25 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.

    Error: (02/16/2015 09:59:25 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.


    System errors:
    =============
    Error: (03/17/2015 00:50:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error:
    %%1053

    Error: (03/17/2015 00:50:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (120000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

    Error: (03/17/2015 00:50:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The hpdj service failed to start due to the following error:
    %%2

    Error: (03/17/2015 00:50:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
    %%2

    Error: (03/17/2015 00:45:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HTCMonitorService service terminated unexpectedly.  It has done this 1 time(s).

    Error: (03/17/2015 00:45:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Seagate Dashboard Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (03/17/2015 00:45:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (03/17/2015 00:45:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (03/17/2015 00:45:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (03/17/2015 00:45:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Media Center Extender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (03/12/2015 10:42:31 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: -567619152

    Error: (03/12/2015 10:42:31 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: -567619152

    Error: (03/12/2015 10:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IncMail.exe6.3.9.5274hungapp0.0.0.000000000

    Error: (03/12/2015 10:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IncMail.exe6.3.9.5274hungapp0.0.0.000000000

    Error: (03/12/2015 06:41:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: imapp.exe6.3.9.5274unknown0.0.0.000011780

    Error: (02/16/2015 09:59:31 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.(NULL)(NULL)(NULL)

    Error: (02/16/2015 09:59:30 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.(NULL)(NULL)(NULL)

    Error: (02/16/2015 09:59:26 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.(NULL)(NULL)(NULL)

    Error: (02/16/2015 09:59:25 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.(NULL)(NULL)(NULL)

    Error: (02/16/2015 09:59:25 PM) (Source: MsiInstaller) (EventID: 11306) (User: LEXY)
    Description: Product: HP Product Assistant -- Error 1306.Another application has exclusive access to the file C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\data\hprbplst.dbf.  Please shut down all other applications, then click Retry.(NULL)(NULL)(NULL)


    ==================== Memory info ===========================

    Processor:  Intel® Pentium® D CPU 3.00GHz
    Percentage of memory in use: 32%
    Total physical RAM: 2046.09 MB
    Available physical RAM: 1389.77 MB
    Total Pagefile: 3934.98 MB
    Available Pagefile: 3485.22 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1933.01 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.76 GB) (Free:230.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HP EN5530) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 208B3481)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    • 0

    Advertisements


    #11
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    OTL logfile created on: 3/17/2015 3:25:01 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.54% Memory free
    3.84 Gb Paging File | 2.99 Gb Available in Paging File | 77.80% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 230.11 Gb Free Space | 49.41% Space Free | Partition Type: NTFS
    Drive D: | 401.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: LEXY | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2015/03/17 03:17:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    PRC - [2015/03/14 00:04:51 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2015/01/26 19:13:03 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
    PRC - [2014/12/18 16:10:24 | 000,821,600 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    PRC - [2014/12/06 14:34:21 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/08/04 10:21:14 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    PRC - [2013/10/17 16:27:02 | 000,166,912 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2013/10/10 18:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/05/30 15:50:10 | 000,096,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
    PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
    PRC - [2006/10/12 10:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
    PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2015/03/16 16:07:11 | 002,922,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\15031600\algo.dll
    MOD - [2015/03/13 23:43:03 | 038,714,440 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2015/02/07 23:55:09 | 016,852,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
    MOD - [2015/01/20 23:35:44 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/12/18 16:10:24 | 000,821,600 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    MOD - [2014/12/18 16:08:54 | 000,607,376 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
    MOD - [2014/08/06 13:46:08 | 000,223,592 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
    MOD - [2014/08/06 13:44:14 | 000,129,376 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
    MOD - [2014/08/06 13:42:30 | 000,080,248 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\NInstallerHelper.dll
    MOD - [2014/08/06 13:41:52 | 000,059,752 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
    MOD - [2014/08/06 13:41:50 | 000,036,216 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    MOD - [2014/08/06 13:40:44 | 000,031,080 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
    MOD - [2014/02/12 01:43:32 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2014/02/12 01:40:26 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/12 01:38:08 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
    MOD - [2014/02/12 01:35:29 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    MOD - [2014/02/12 01:35:17 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
    MOD - [2014/02/12 01:34:56 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
    MOD - [2014/02/12 01:32:47 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/12 01:32:28 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/10/17 16:27:02 | 000,166,912 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    MOD - [2013/08/07 15:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
     
     
    ========== Services (SafeList) ==========
     
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\upnphost.dll -- (upnphost)
    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\hpdj.exe -- (hpdj)
    SRV - [2015/03/14 00:04:50 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2015/02/07 23:55:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/12/11 13:03:12 | 000,089,864 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
    SRV - [2014/12/06 14:34:21 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/08/04 10:21:14 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
    SRV - [2014/07/06 02:31:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2014/06/12 20:35:09 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2013/10/17 16:27:02 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2013/10/10 18:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
    SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
    SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\COMMONFX.DLL -- (COMMONFX.DLL)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bvrp_pci)
    DRV - [2014/12/06 14:35:20 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
    DRV - [2014/12/06 14:35:18 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
    DRV - [2014/12/06 14:34:52 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/12/06 14:34:52 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
    DRV - [2014/12/06 14:34:52 | 000,057,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/12/06 14:34:52 | 000,055,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
    DRV - [2014/12/06 14:34:52 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/12/06 14:34:52 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2014/06/23 18:13:18 | 000,012,800 | ---- | M] (Research in Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimvndis.sys -- (rimvndis)
    DRV - [2013/10/17 16:27:02 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
    DRV - [2013/09/10 19:25:16 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2012/07/21 23:30:24 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
    DRV - [2012/07/21 23:30:24 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2012/07/21 23:30:20 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
    DRV - [2012/07/21 23:30:13 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2010/11/04 16:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
    DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
    DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
    DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
    DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
    DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
    DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
    DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
    DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
    DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
    DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
    DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
    DRV - [2010/02/11 10:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk)
    DRV - [2009/01/24 17:36:22 | 000,103,424 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp)
    DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/05/18 12:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
    DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
    DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
    DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
    DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
    DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
    DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
    DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
    DRV - [2006/03/02 05:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/05/06 23:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2005/05/06 23:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2005/05/06 23:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.countryCode: "US"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultenginename.US: "Google"
    FF - prefs.js..browser.search.isUS: true
    FF - prefs.js..browser.search.region: "US"
    FF - prefs.js..extensions.enabledAddons: es-ve%40dictionaries.addons.mozilla.org:1.1.17
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.1.0.170
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\npsoe.dll ()
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/27 17:46:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/03/17 00:45:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/03/14 00:04:40 | 000,000,000 | ---D | M]
     
    [2010/10/14 08:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
    [2010/10/14 08:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\[email protected]
    [2015/03/13 23:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\extensions
    [2014/06/13 23:10:29 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\extensions\[email protected]
    [2013/06/28 20:51:08 | 000,000,000 | ---D | M] (Diccionario en Español para Venezuela) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\extensions\[email protected]
    [2015/03/14 00:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2015/03/14 00:04:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2015/01/27 17:46:20 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
     
    O1 HOSTS File: ([2013/10/21 18:39:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKCU..\Run: [BlackBerryLink.exe] "C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize File not found
    O4 - HKCU..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\GLODYH45.LZJ\9PTZC5LD.W03\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe (Dell)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
    O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
    O9 - Extra Button: @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
    O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinn...mines/mines.cab (Mines Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1044 (SonyOnlineInstallerX)
    O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinn...gsaw/jigsaw.cab (Jigsaw Genius Control)
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1198171268663 (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229566731421 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab (SwapIt Control)
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab (Tilecity Control)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{790037EE-CA28-4D5D-A87B-30D5B806EC54}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - (PRISMAPI.DLL) - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/20 12:36:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2013/08/14 00:56:17 | 000,000,088 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    NetSvcs: Ias -  File not found
    NetSvcs: Iprip -  File not found
    NetSvcs: Irmon -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: WmdmPmSp -  File not found
     
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk -  - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe - (Dell Inc.)
    MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
    MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk -  - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk -  - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\User\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe - (Macrovision Corporation)
    MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
    MsConfig - StartUpReg: Creative Detector - hkey= - key= - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
    MsConfig - StartUpReg: CTDVDDET - hkey= - key= - C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    MsConfig - StartUpReg: CTHelper - hkey= - key= -  File not found
    MsConfig - StartUpReg: CTSVolFE - hkey= - key= -  File not found
    MsConfig - StartUpReg: CTxfiHlp - hkey= - key= -  File not found
    MsConfig - StartUpReg: CTZDetec.exe - hkey= - key= -  File not found
    MsConfig - StartUpReg: DeviceDiscovery - hkey= - key= - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
    MsConfig - StartUpReg: DiscWizardMonitor.exe - hkey= - key= - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    MsConfig - StartUpReg: DivXMediaServer - hkey= - key= - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MsConfig - StartUpReg: DriverMax - hkey= - key= -  File not found
    MsConfig - StartUpReg: DriverMax_RESTART - hkey= - key= -  File not found
    MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    MsConfig - StartUpReg: FileHippo.com - hkey= - key= - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
    MsConfig - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: Memeo AutoSync - hkey= - key= - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
    MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
    MsConfig - StartUpReg: OutfoxTV - hkey= - key= -  File not found
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: Seagate Dashboard - hkey= - key= - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    MsConfig - StartUpReg: Seagate Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    MsConfig - StartUpReg: SleekBillNot - hkey= - key= -  File not found
    MsConfig - StartUpReg: Standby - hkey= - key= - c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
    MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= -  File not found
    MsConfig - StartUpReg: UserFaultCheck - hkey= - key= -  File not found
    MsConfig - StartUpReg: WinPatrol - hkey= - key= - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2
     
    SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
     
    SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
     
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
    ActiveX: {23FFF8D6-FDB5-DCCE-1D52-623427C7CDDE} - KB910393
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {29A43E48-B726-47B6-9EAC-AA2B7B48E133} - Microsoft .NET Framework 1.0 Security Update (KB2698035)
    ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {7839007E-695E-3159-EC99-718C098C6EA1} - Internet Explorer Version Update
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {BA0BE1B1-C5E7-483B-B524-71F5B2C43FBA} - Microsoft .NET Framework 1.0 Security Update (KB2904878)
    ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {D6C3E2A4-60CF-4540-860B-F2B1FB51689B} - Microsoft .NET Framework 1.0 Security Update (KB2833951)
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {DE895E98-54B2-4180-91E1-7A0020EDF577} - Microsoft .NET Framework 1.0 Security Update (KB2742607)
    ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
    ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
     
    Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.MPEGacm - c:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.ulmp3acm - c:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/03/17 03:17:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2015/03/17 00:30:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2015/03/17 00:29:19 | 001,388,737 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
    [2015/03/14 00:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2015/03/10 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2015/03/10 16:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2015/03/10 16:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    [2015/02/16 21:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
    [2015/02/16 21:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
    [2015/02/16 21:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
    [2015/02/16 21:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\HpUpdate
    [2015/02/16 21:39:13 | 000,597,512 | ---- | C] (Hewlett-Packard Development Company, LP) -- C:\WINDOWS\System32\HPDiscoPMC311.dll
    [2015/02/16 21:39:07 | 002,525,368 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_EN5530.dll
    [2015/02/16 21:39:07 | 000,417,464 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_EN5530.dll
    [2015/02/16 21:38:58 | 000,271,032 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsC311LM.dll
    [2015/02/16 21:38:58 | 000,222,904 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoiC311.dll
    [2015/02/16 21:38:57 | 002,220,216 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkinsC311.exe
    [2015/02/16 21:38:57 | 000,536,760 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsC311.dll
    [2015/02/16 21:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\HP Downloads
    [2015/02/16 21:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Hewlett-Packard
    [2005/12/13 17:12:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Local Settings\Application Data\stdole.dll
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/03/17 03:17:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2015/03/17 02:55:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2015/03/17 01:35:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2015/03/17 00:48:20 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 5530 series.lnk
    [2015/03/17 00:48:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2015/03/17 00:46:53 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
    [2015/03/17 00:46:53 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
    [2015/03/17 00:46:52 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
    [2015/03/17 00:46:52 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
    [2015/03/17 00:46:52 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
    [2015/03/17 00:43:15 | 001,135,104 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
    [2015/03/17 00:29:19 | 001,388,737 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
    [2015/03/17 00:25:59 | 002,171,392 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
    [2015/03/16 16:02:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2015/03/14 20:51:34 | 004,935,328 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20061102}.CDF
    [2015/03/14 20:51:34 | 004,935,328 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20061102}.BAK
    [2015/03/13 01:50:30 | 000,092,997 | ---- | M] () -- C:\Documents and Settings\User\Desktop\10369739_10154130685900304_7924632805066123512_n.jpg
    [2015/03/13 01:49:59 | 000,101,000 | ---- | M] () -- C:\Documents and Settings\User\Desktop\10275978_10154130685975304_5070269760344749306_n.jpg
    [2015/03/12 18:52:08 | 000,055,004 | ---- | M] () -- C:\Documents and Settings\User\Desktop\10533126_10205490908339914_1840075013766445309_n.jpg
    [2015/03/11 02:38:23 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2015/03/10 18:01:09 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2015/03/10 16:19:41 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2015/03/08 15:04:22 | 000,520,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2015/03/08 15:04:22 | 000,088,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2015/03/08 15:00:00 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2015/02/17 22:10:37 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2015/02/16 21:59:42 | 000,000,323 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HP Printer Diagnostic Tools.url
    [2015/02/16 21:50:10 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HP Printing Software.url
    [2015/02/16 21:40:15 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
    [2015/02/16 21:39:12 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ENVY 5530 series.lnk
    [2015/02/16 21:39:12 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP ENVY 5530 series.lnk
    [2015/02/16 21:38:31 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2015/02/16 21:34:19 | 005,197,824 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HPSupportSolutionsFramework-en-11.51.0048.msi
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2015/03/17 00:25:57 | 002,171,392 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
    [2015/03/13 01:50:30 | 000,092,997 | ---- | C] () -- C:\Documents and Settings\User\Desktop\10369739_10154130685900304_7924632805066123512_n.jpg
    [2015/03/13 01:49:58 | 000,101,000 | ---- | C] () -- C:\Documents and Settings\User\Desktop\10275978_10154130685975304_5070269760344749306_n.jpg
    [2015/03/12 18:52:07 | 000,055,004 | ---- | C] () -- C:\Documents and Settings\User\Desktop\10533126_10205490908339914_1840075013766445309_n.jpg
    [2015/03/10 18:01:09 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2015/03/10 16:19:41 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2015/02/16 22:07:43 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 5530 series.lnk
    [2015/02/16 21:59:42 | 000,000,323 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HP Printer Diagnostic Tools.url
    [2015/02/16 21:50:10 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HP Printing Software.url
    [2015/02/16 21:40:15 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
    [2015/02/16 21:39:12 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ENVY 5530 series.lnk
    [2015/02/16 21:39:12 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP ENVY 5530 series.lnk
    [2015/02/16 21:38:31 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2015/02/16 21:34:18 | 005,197,824 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HPSupportSolutionsFramework-en-11.51.0048.msi
    [2014/12/12 03:46:44 | 002,900,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2014/07/14 16:59:04 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\rbxcsettings.rbx
    [2014/07/07 03:49:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
    [2014/07/06 01:19:54 | 001,746,360 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
    [2014/05/31 00:28:05 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
    [2014/05/24 21:14:56 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2014/05/13 14:59:08 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/02/21 00:06:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2014/02/21 00:03:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2014/02/21 00:03:12 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2014/02/13 19:08:36 | 000,403,202 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/11/05 12:11:25 | 000,206,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/11/05 12:11:25 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2011/08/18 13:09:03 | 000,223,067 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
    [2011/08/18 13:08:59 | 000,206,473 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
    [2011/03/02 11:21:22 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\User\Application Data\$_hpcst$.hpc
    [2011/02/01 10:46:18 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
    [2010/11/26 15:28:22 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/07/22 03:18:12 | 000,465,840 | ---- | C] () -- C:\Documents and Settings\User\backupNorton.NPM
    [2010/07/04 21:34:42 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3C85787D61.sys
    [2010/07/04 21:34:41 | 000,005,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2007/12/22 22:58:23 | 000,203,776 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/20 12:47:25 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
    [2007/07/13 14:36:22 | 000,220,184 | ---- | C] ( ) -- C:\Documents and Settings\User\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
     
    ========== ZeroAccess Check ==========
     
    [2007/12/20 12:33:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: ST500DM002-1BD142
    Partitions: 1
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 466.00GB
    Starting Offset: 32256
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\assembly\GAC_32\*.ini >
     
    < %systemroot%\assembly\GAC_64\*.ini >
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %ALLUSERSPROFILE%\Application Data\*.exe >
     
    < %APPDATA%\*. >
    [2011/06/21 03:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\acccore
    [2013/08/18 20:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Adobe
    [2008/01/31 19:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead
    [2008/06/18 21:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Alien Skin
    [2012/03/11 21:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apple Computer
    [2014/08/23 03:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\asoftech
    [2012/07/25 03:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
    [2013/11/05 12:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
    [2014/12/31 00:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Corel
    [2014/09/17 20:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Creative
    [2013/03/05 13:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DDMSettings
    [2014/05/16 00:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dell
    [2014/05/31 00:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DivX
    [2014/12/12 03:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
    [2009/01/13 16:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dvdcss
    [2010/08/30 20:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
    [2010/06/15 00:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook
    [2013/10/14 13:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
    [2008/02/29 16:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HP
    [2015/02/16 21:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HpUpdate
    [2013/12/02 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HTC
    [2007/12/20 12:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Identities
    [2007/12/23 00:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InstallShield
    [2008/01/22 12:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Jasc
    [2008/02/03 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Jasc Software Inc
    [2007/12/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Lavasoft
    [2012/06/29 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
    [2008/03/25 20:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Macromedia
    [2014/06/29 15:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Malwarebytes
    [2012/06/29 23:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Memeo
    [2014/05/19 12:42:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\Microsoft
    [2010/07/07 17:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\motorola
    [2010/04/05 17:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla
    [2012/07/25 14:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
    [2008/12/30 02:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Tools
    [2008/08/26 23:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Playrix Entertainment
    [2010/08/17 02:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ransen Software
    [2012/06/29 20:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Seagate
    [2008/08/15 00:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SmartDraw
    [2010/11/25 03:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Smilebox
    [2012/03/12 00:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony Online Entertainment
    [2008/03/01 15:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sun
    [2014/07/27 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
    [2010/08/25 23:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Symantec
    [2014/01/31 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\U3
    [2014/12/31 00:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems
    [2014/07/01 13:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Verizon
    [2014/09/17 20:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vlc
    [2012/03/17 20:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinPatrol
    [2012/10/04 17:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinRAR
    [2008/12/15 13:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinWay
    [2014/01/24 15:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wondershare
    [2014/12/12 01:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\XCPCSync.OEM
    [2012/07/22 18:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Yahoo!
     
    < MD5 for: ATAPI.SYS  >
    [2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/08/28 19:20:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/08/28 19:20:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
     
    < MD5 for: CSRSS.EXE  >
    [2008/04/13 20:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
    [2008/04/13 20:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
    [2004/08/10 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
     
    < MD5 for: EXPLORER.EXE  >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
     
    < MD5 for: MSWSOCK.DLL  >
    [2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
    [2008/06/20 13:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [2004/08/10 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
    [2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
    [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
    [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
    [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
    [2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
    [2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
    [2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
    [2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
     
    < MD5 for: NWPROVAU.DLL  >
    [2008/04/13 20:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
    [2008/04/13 20:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\dllcache\nwprovau.dll
    [2008/04/13 20:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
    [2006/10/13 08:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
    [2006/10/13 08:35:12 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=AEEB687B865E1BAB04BB9C3604F92CEF -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll
    [2004/08/10 07:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
     
    < MD5 for: PNRPNSP.DLL  >
    [2004/08/10 07:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
    [2008/04/13 20:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
    [2008/04/13 20:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
    [2008/04/13 20:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll
     
    < MD5 for: RSVPSP.DLL  >
    [2008/04/13 20:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\ServicePackFiles\i386\rsvpsp.dll
    [2008/04/13 20:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll
    [2004/08/10 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\WINDOWS\$NtServicePackUninstall$\rsvpsp.dll
     
    < MD5 for: SERVICES.EXE  >
    [2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
    [2004/08/10 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
     
    < MD5 for: SVCHOST.EXE  >
    [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
    [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2014/11/21 07:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
    [2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
     
    < MD5 for: USER32.DLL  >
    [2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    [2007/03/08 11:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ERDNT\cache\user32.dll
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    [2004/08/10 07:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
    [2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
     
    < MD5 for: USERINIT.EXE  >
    [2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2014/11/21 07:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
     
    < MD5 for: WINRNR.DLL  >
    [2004/08/10 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
    [2008/04/13 20:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
    [2008/04/13 20:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll
     
    < C:\Windows\assembly\tmp\U\*.* /s >
     
    < %systemroot%\*. /mp /s >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/03/14 00:04:49 | 000,921,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/03/14 00:04:49 | 000,921,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/03/14 00:04:49 | 000,921,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2015/03/14 00:04:51 | 000,376,944 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2015/03/14 00:04:51 | 000,376,944 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2015/03/14 00:04:51 | 000,376,944 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/03/14 00:04:49 | 000,921,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/03/14 00:04:49 | 000,921,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/03/14 00:04:49 | 000,921,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2015/03/14 00:04:51 | 000,376,944 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2015/03/14 00:04:51 | 000,376,944 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2015/03/14 00:04:51 | 000,376,944 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
     
    < %systemroot%\system32\*.dll /lockedfiles >
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %ProgramFiles%\WINDOWS NT\*.* /s >
    [2008/04/13 20:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
    [2004/08/10 07:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
    [2004/08/10 07:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
    [2009/11/20 07:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
    [2010/12/21 08:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
    [2010/07/12 08:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
    [2009/11/20 07:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
    [2004/08/10 07:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
    [2004/08/10 07:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
    [2008/04/13 20:12:31 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\pinball.exe
    [2004/08/10 07:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
    [2004/08/10 07:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
    [2004/08/10 07:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
    [2004/08/10 07:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
    [2004/08/10 07:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
    [2004/08/10 07:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
    [2004/08/10 07:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
    [2004/08/10 07:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
    [2004/08/10 07:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
    [2004/08/10 07:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
    [2004/08/10 07:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
    [2004/08/10 07:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
    [2004/08/10 07:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
    [2004/08/10 07:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
    [2004/08/10 07:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
    [2004/08/10 07:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
    [2004/08/10 07:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
    [2004/08/10 07:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
    [2004/08/10 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
    [2004/08/10 07:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
    [2004/08/10 07:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
    [2004/08/10 07:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
    [2004/08/10 07:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
    [2004/08/10 07:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
    [2004/08/10 07:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
    [2004/08/10 07:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
    [2004/08/10 07:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
    [2004/08/10 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
    [2004/08/10 07:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
    [2004/08/10 07:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
    [2004/08/10 07:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
    [2004/08/10 07:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
    [2004/08/10 07:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
    [2004/08/10 07:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
    [2004/08/10 07:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
    [2004/08/10 07:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
    [2004/08/10 07:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
    [2004/08/10 07:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
    [2004/08/10 07:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
    [2004/08/10 07:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
    [2004/08/10 07:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
    [2004/08/10 07:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
    [2004/08/10 07:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
    [2004/08/10 07:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
    [2004/08/10 07:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
    [2004/08/10 07:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
    [2004/08/10 07:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
    [2004/08/10 07:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
    [2004/08/10 07:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
    [2004/08/10 07:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
    [2004/08/10 07:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
    [2004/08/10 07:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
    [2004/08/10 07:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
    [2004/08/10 07:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
    [2004/08/10 07:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
    [2004/08/10 07:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
    [2004/08/10 07:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
    [2004/08/10 07:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
    [2004/08/10 07:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
    [2004/08/10 07:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
    [2004/08/10 07:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
    [2004/08/10 07:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
    [2004/08/10 07:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
    [2004/08/10 07:00:00 | 000,002,687 | R--- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4ABA35EE
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >
     


    • 0

    #12
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    OTL Extras logfile created on: 3/17/2015 3:25:01 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.54% Memory free
    3.84 Gb Paging File | 2.99 Gb Available in Paging File | 77.80% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 230.11 Gb Free Space | 49.41% Space Free | Partition Type: NTFS
    Drive D: | 401.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: LEXY | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (All) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- "%1" %*
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "57384:TCP" = 57384:TCP:*:Enabled:Pando P2P TCP Listening Port
    "57384:UDP" = 57384:UDP:*:Enabled:Pando P2P UDP Listening Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "57428:TCP" = 57428:TCP:*:Enabled:Pando
    "57428:UDP" = 57428:UDP:*:Enabled:Pando
    "56090:TCP" = 56090:TCP:*:Enabled:Pando
    "56090:UDP" = 56090:UDP:*:Enabled:Pando
    "67:UDP" = 67:UDP:*:Enabled:DHCP Server
    "5357:TCP" = 5357:TCP:*:Enabled:WS-Eventing TCP Port 5357
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Sleek Bill\libj\launch4j-tmp\Sleek Bill.exe" = C:\Program Files\Sleek Bill\libj\launch4j-tmp\Sleek Bill.exe:*:Enabled:Java™ Platform SE binary
    "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe" = C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe:LocalSubNet:Enabled:BlackBerry Link Tunnel Manager (TCP)
    "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe" = C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe:LocalSubNet:Enabled:BlackBerry Link MDNS Service (TCP)
    "C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe" = C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe:LocalSubNet:Enabled:BlackBerry Link Service (Nginx)
    "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" = C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe:LocalSubNet:Enabled:BlackBerry Link Peer Manager
    "C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe" = C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager -- ()
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Documents and Settings\User\Local Settings\Application Data\IM\Runtime\IncrediMail_Install.exe" = C:\Documents and Settings\User\Local Settings\Application Data\IM\Runtime\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer -- ()
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" = C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Enabled:SeagateHipServAgent -- (Axentra Corporation)
    "C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
    "C:\Program Files\Sleek Bill\libj\launch4j-tmp\Sleek Bill.exe" = C:\Program Files\Sleek Bill\libj\launch4j-tmp\Sleek Bill.exe:*:Enabled:Java™ Platform SE binary
    "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe" = C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe:LocalSubNet:Enabled:BlackBerry Link Tunnel Manager (TCP)
    "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe" = C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe:LocalSubNet:Enabled:BlackBerry Link MDNS Service (TCP)
    "C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe" = C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe:LocalSubNet:Enabled:BlackBerry Link Service (Nginx)
    "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" = C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe:LocalSubNet:Enabled:BlackBerry Link Peer Manager
    "C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe" = C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager -- ()
    "C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP ENVY 5530 series) -- (Hewlett-Packard Development Company, LP)
    "C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP ENVY 5530 series) -- (Hewlett-Packard Development Company, LP)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox) -- (Mozilla Corporation)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
    "{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{231D0C79-98A6-4693-A366-36DE7D7346EC}" = HTC Sync Manager
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}" = iTunes
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
    "{447CDCE5-F555-429B-BFA6-642C3C6D684F}" = Apple Application Support (32-bit)
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
    "{5EBC9F1B-F969-4CF9-A616-F6BDDD46042B}" = HP ENVY 5530 series Basic Device Software
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6BCEB97B-F315-455D-BC2D-565A1A6781E8}" = Memeo AutoBackup
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
    "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
    "{83FA27D5-25B5-4D24-B796-DF742F08A5CF}" = SweetIM Toolbar for Internet Explorer 3.2
    "{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
    "{8570C6C9-4FD4-4306-8B57-D31A622E3E03}_is1" = Microsoft Drivers Download Utility 3.4.4
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
    "{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97EAE055-1BE8-4775-8101-453E9715EC3F}" = HP ENVY 5530 series Help
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
    "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
    "{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
    "{D58AFD19-6736-A938-154A-EABEA741D2CC}" = AMD Catalyst Install Manager
    "{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
    "{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}" = MLE
    "{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
    "{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
    "{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
    "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
    "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
    "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
    "{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{E1DB0812-2D60-43DB-AE09-6C7027D93B28}" = Apple Mobile Device Support
    "{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}" = HP Support Solutions Framework
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
    "{F9C62746-BB57-48B2-853D-38DE983A703C}" = IncrediMail
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FB57263E-706F-11E4-A65F-00163E98E7D6}" = Evernote v. 5.7.2
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "20/20 v2.2" = 20/20 v2.2
    "7-Zip" = 7-Zip 9.22beta
    "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
    "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AudioCS" = Creative Audio Console
    "Avast" = Avast Free Antivirus
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Belarc Advisor" = Belarc Advisor 8.4
    "CleanUp!" = CleanUp!
    "Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "CTMBDemo" = Sound Blaster Audigy ADVANCED MB Demo
    "DivX Setup" = DivX Setup
    "ERUNT_is1" = ERUNT 1.1j
    "ESPNMotion" = ESPNMotion
    "Eye Candy 4000" = Eye Candy 4000
    "EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
    "EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
    "EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
    "FileHippo.com" = FileHippo.com Update Checker
    "FileZilla Client" = FileZilla Client 3.7.3
    "HijackThis" = HijackThis 2.0.2
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Photo Creations" = HP Photo Creations
    "hp print screen utility" = hp print screen utility
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "IncrediMail" = IncrediMail 2.0
    "IncrediMail Data Manager" = IncrediMail Data Manager
    "InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
    "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
    "Kai's Power Tools 5" = Kai's Power Tools 5
    "KPT 6" = KPT 6
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 37.0 (x86 en-US)" = Mozilla Firefox 37.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NMPUninstallKey" = Ahead NeroMediaPlayer
    "PC-Doctor for Windows" = My Dell
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "PhotoMail" = PhotoMail Maker
    "PROSet" = Intel® PRO Network Connections Drivers
    "Revo Uninstaller" = Revo Uninstaller 1.95
    "Sound Blaster for Media Center" = Sound Blaster for Media Center
    "Splat" = Splat! 1.0
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "virtualPhotographer_is1" = virtualPhotographer 1.5.6
    "VLC media player" = VLC media player 2.0.3
    "VzInHomeAgent" = Vz In-Home Agent
    "WaveStudio 7" = Creative WaveStudio 7
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WhoCrashed_is1" = WhoCrashed 5.02
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 5.00 beta 8 (32-bit)
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "9204f5692a8faf3b" = Dell System Detect
    "Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Facebook Plug-In" = Facebook Plug-In
    "InstallShield_{6BCEB97B-F315-455D-BC2D-565A1A6781E8}" = Memeo AutoBackup
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 10/18/2014 7:25:57 PM | Computer Name = LEXY | Source = Application Error | ID = 1001
    Description = Fault bucket 572538591.
     
    Error - 10/20/2014 10:03:23 PM | Computer Name = LEXY | Source = MsiInstaller | ID = 11706
    Description = Product: Setup -- Error 1706.No valid source could be found for product
     Setup.  The Windows Installer cannot continue.
     
    Error - 10/20/2014 10:03:23 PM | Computer Name = LEXY | Source = MsiInstaller | ID = 11706
    Description = Product: Setup -- Error 1706.No valid source could be found for product
     Setup.  The Windows Installer cannot continue.
     
    Error - 10/20/2014 10:03:23 PM | Computer Name = LEXY | Source = MsiInstaller | ID = 11706
    Description = Product: Corel PaintShop Pro X4 -- Error 1706.No valid source could
     be found for product Corel PaintShop Pro X4.  The Windows Installer cannot continue.
     
    Error - 10/20/2014 10:03:24 PM | Computer Name = LEXY | Source = MsiInstaller | ID = 11706
    Description = Product: PSPPContent -- Error 1706.No valid source could be found
    for product PSPPContent.  The Windows Installer cannot continue.
     
    Error - 10/20/2014 10:03:24 PM | Computer Name = LEXY | Source = MsiInstaller | ID = 11706
    Description = Product: PSPPHelp -- Error 1706.No valid source could be found for
     product PSPPHelp.  The Windows Installer cannot continue.
     
    Error - 10/20/2014 10:03:24 PM | Computer Name = LEXY | Source = MsiInstaller | ID = 11706
    Description = Product: IPM_PSP_COM -- Error 1706.No valid source could be found
    for product IPM_PSP_COM.  The Windows Installer cannot continue.
     
    Error - 10/20/2014 10:03:24 PM | Computer Name = LEXY | Source = MsiInstaller | ID = 11706
    Description = Product: ICA -- Error 1706.No valid source could be found for product
     ICA.  The Windows Installer cannot continue.
     
    Error - 10/23/2014 9:07:17 PM | Computer Name = LEXY | Source = Application Hang | ID = 1002
    Description = Hanging application IncMail.exe, version 6.3.9.5274, hang module hungapp,
     version 0.0.0.0, hang address 0x00000000.
     
    Error - 10/23/2014 9:08:43 PM | Computer Name = LEXY | Source = Application Hang | ID = 1001
    Description = Fault bucket -567619152.
     
    [ System Events ]
    Error - 3/17/2015 12:45:29 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7031
    Description = The Media Center Extender Service service terminated unexpectedly.
      It has done this 1 time(s).  The following corrective action will be taken in
    5000 milliseconds: Restart the service.
     
    Error - 3/17/2015 12:45:29 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7034
    Description = The Application Layer Gateway Service service terminated unexpectedly.
      It has done this 1 time(s).
     
    Error - 3/17/2015 12:45:29 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7031
    Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
     unexpectedly.  It has done this 1 time(s).  The following corrective action will
     be taken in 0 milliseconds: Restart the service.
     
    Error - 3/17/2015 12:45:29 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7031
    Description = The COM+ System Application service terminated unexpectedly.  It has
     done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds:
     Restart the service.
     
    Error - 3/17/2015 12:45:29 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7034
    Description = The Seagate Dashboard Service service terminated unexpectedly.  It
     has done this 1 time(s).
     
    Error - 3/17/2015 12:45:29 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7034
    Description = The HTCMonitorService service terminated unexpectedly.  It has done
     this 1 time(s).
     
    Error - 3/17/2015 12:50:24 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7000
    Description = The Zune Bus Enumerator Driver service failed to start due to the
    following error:   %%2
     
    Error - 3/17/2015 12:50:24 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7000
    Description = The hpdj service failed to start due to the following error:   %%2
     
    Error - 3/17/2015 12:50:24 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7009
    Description = Timeout (120000 milliseconds) waiting for the HP Support Solutions
     Framework Service service to connect.
     
    Error - 3/17/2015 12:50:24 AM | Computer Name = LEXY | Source = Service Control Manager | ID = 7000
    Description = The HP Support Solutions Framework Service service failed to start
     due to the following error:   %%1053
     
     
    < End of report >
     


    • 0

    #13
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    Yes i think it has a 2 year warranty .. will check tomorrow ..

     

    Going to reboot I am up to the instruction to clear the log for system and application and now I have to reboot so it can check my disc .. be back as soon as it completes ....


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    No sign of infection in your logs.  Lots of missing files - perhaps from the hard drive perhaps normal poor uninstall.  Hard to tell.  Why do you have so much turned off in msconfig?

     

    Go to seagate's website and get their seatool

     

    http://www.seagate.c...ols-win-master/

     

    It will check your drive (you want the extended test which will take a while)


    • 0

    #15
    Lexy610

    Lexy610

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 743 posts

    Hi I am still working on post #7 of the instructions .. trying to catch up .. I am up to the part where I am asked to do the "command prompt" but i font see an option to use as "administrator" I am however the only user on the computer and believe my account is the administrator account.

     

    So I typed in sfc/scannow anyways and keep getting this >>>

     

    IMG_0564.JPG

     

    What do i do next?  Do I continued on to the next step because I have no idea what cd or what to do next ..

     

    what do you mean by "why do I have so much turned off in msconfig?"

     


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP