# Blue Screen



## jen13007 (Apr 12, 2012)

Hi there, now let this be known. I am completely useless (ish) when it comes to being technical with computers. So excuse any parts of my stupidity which may arise.

I'm running Vista on an eMachines E520 which is blue screening at the user/password screen when I boot up. I've opened in safe mode, and thought of trying to restore to a previous point. It comes up with the following error:










And to use the eMachines recovery/restore it's saying that 'Empowering Technology is not ready' and that I should restart my laptop. (Done so, didn't help.)

I don't have/can't find the disc(s) which came with the laptop, and currently can't afford the expense of a new laptop. 

I've tried to find the blue screen logs, but it's either not saving them or not showing them in safe mode.

Currently running avast home edition scan to see what pops up. It was disabled yesterday (for reasons unbeknown to me) and is not wanting to become enabled in safe mode.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Basic, Service Pack 2, 32 bit
Processor: Genuine Intel(R) CPU 575 @ 2.00GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 1
RAM: 953 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 285 Mb
Hard Drives: C: Total - 142380 MB, Free - 62018 MB;
Motherboard: eMachines, E520
Antivirus: avast! antivirus, Disabled

Any help and suggestions anyone can give would be gratefully received.

Thanks
Jen


----------



## blues_harp28 (Jan 9, 2005)

Hi and welcome.
Your system restore attachment done in Safe Mode - is not showing in your post.
Did the Avast scan in Safe Mode show any infections?

You will need at some time the Vista install CD.


----------



## jen13007 (Apr 12, 2012)

The error message is saying 
'To perform an offline system restore, you must specify which windows installation you would like to restore. For example if the installation located in C:\Windows should be restored, enter the following command.
rstrui.exe/OFFLINE:C:\Windows'


I'm in safe mode with networking, so unsure why it thinks I'm offline. I've previously used restore in safe mode and never encountered this.

I have a feeling my restore points have been corrupted.


Avast found 13 files, would you like me to specify the names? 

I also ran Iobit's advanced system care this morning, it found around 700 registry faults, no viruses. I repaired these through AS but I expect it doesn't do much to them?

Another pickle I have, as like most laptops, my serial number has been rubbed off. I have called a repair specialist and he says he needs that number, otherwise I'd need to install Windows 7. :/ Again, I'm clueless really.


----------



## blues_harp28 (Jan 9, 2005)

Stay away from any Registry Cleaner - they can cause more problems than they solve.
Did Avast remove any viruses that it found?

Download.
MalwareBytes and SuperAntiSpyware to your desktop.
Download the Free versions of both programs.

MalwareBytes

SuperAntiSpyware

Once they are downloaded to your desktop.
Close all open browser windows.

*MalwareBytes*
Click on the Install icon - allow it to update during the install process.

Start Malwarebytes Anti-Malware.
Click on Scanner > then quick scan >then Scan.
Any infections or problems will be highlighted in red.
After the scan is finished - Click - Show Results.
Check that all entries are selected.
Click - Remove Selected.
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start Malwarebytes again.
Click on the Logs Tab.
Highlight the scan log entry.
Click - Open.
The scan log will appear in Notepad.
Copy and paste it in your next post.

*SuperAntiSpyware*
Click on the install icon - allow it to update during the install process.
Select the Quick Scan option.
Click Scan your Computer.
Any infections or problems will be highlighted in red.
After the scan is finished.
Click Continue.
Check that everything is listed.
Click Remove Threats.
Click OK - then click Finish
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start SuperAntiSpyware again.
Click View Scan Logs.
Highlight the scan log entry.
Click - View Selected Log.
The scan log will appear in Notepad.
Copy and paste in your next post.

Depending on what shows up in your Malware logs - we may need to move your post to the Virus & Other Malware Removal Forum for expert help
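
An added example, not part of the original post and not code from either tool: a small Python triage of a Malwarebytes text log in the layout posted in this thread. It lists items still waiting on "Delete on reboot" (removal is not finished until the restart happens) and checks that the summary counts match the items actually listed, since a mismatch suggests a truncated paste. The sample log, its paths and its detection names are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Malwarebytes' Anti-Malware text log.
# Paths and detection names are invented for illustration.
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Registry Keys Infected: 1
Registry Data Items Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Program Files\ExampleAdware\svc.exe (Adware.Example) -> Unloaded process successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleAdware (Adware.Example) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ExampleAdware\svc.exe (Adware.Example) -> Quarantined and deleted successfully.
C:\Program Files\ExampleAdware\hook.dll (Adware.Example) -> Delete on reboot.
C:\Users\Example\AppData\Local\Temp\0.123.exe (Trojan.Example) -> Quarantined and deleted successfully.
"""

# "Files Infected: 3" (summary line with a declared count)
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "Files Infected:" (start of a detail section)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<target> (<detection>) -> <action>." ; the detection is the LAST
# parenthesised group before " -> ", so paths containing "(x86)" still parse.
ITEM_RE = re.compile(
    r"^(?P<target>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (declared_counts, items) parsed from the log text."""
    declared, items, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and current:
            items.append({
                "section": current,
                "target": m["target"],
                "detection": m["detection"],
                "action": m["action"],
            })
    return declared, items


def triage(text):
    """Summarise what still needs attention after a scan."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        # Items the scanner could not remove while Windows was running.
        "pending_reboot": [i for i in items if "reboot" in i["action"].lower()],
        # section -> (declared, listed) wherever the two disagree.
        "count_mismatches": {
            s: (n, listed.get(s, 0))
            for s, n in declared.items()
            if listed.get(s, 0) != n
        },
        # How many entries each detection family accounts for.
        "families": Counter(i["detection"] for i in items),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for item in result["pending_reboot"]:
        print("needs restart:", item["target"], "(" + item["detection"] + ")")
    for section, (want, got) in result["count_mismatches"].items():
        print(f"{section}: summary says {want}, log lists {got}")
    for family, n in result["families"].most_common():
        print(f"{n:3d}  {family}")
```
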


----------



## jen13007 (Apr 12, 2012)

Avast moved it to chest, not sure if it removed completely.

MBAM LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

11/11/2010 07:01:36
mbam-log-2010-11-11 (07-01-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 266899
Time elapsed: 3 hour(s), 22 minute(s), 23 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 18

Memory Processes Infected:
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Unloaded process successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\0.3108866271421111.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

SuperAnti Spyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2012 at 02:11 PM

Application Version : 5.0.1146

Core Rules Database Version : 8451
Trace Rules Database Version: 6263

Scan type : Quick Scan
Total Scan Time : 00:08:46

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 345
Memory threats detected : 0
Registry items scanned : 27590
Registry threats detected : 4
File items scanned : 16695
File threats detected : 519

Malware.Trace
HKU\.DEFAULT\Software\NtWqIVLZEWZU
HKU\S-1-5-18\Software\NtWqIVLZEWZU
HKU\.DEFAULT\SOFTWARE\XML
HKU\S-1-5-18\SOFTWARE\XML

Rogue.MSE-Fraud
C:\Users\Jennifer\AppData\Roaming\install

Adware.Tracking Cookie
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ox-d.adservermedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.microsoftwlsearchcrm.112.2o7.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
www.countrywidescotland.co.uk [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.countrywidescotland.co.uk [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.countrywidescotland.co.uk [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.bizzclick.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.myaccount.sky.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
myaccount.sky.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.c1.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.c1.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ads.saymedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.kaspersky.122.2o7.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.microsoftwindows.112.2o7.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.aimfar.solution.weborama.fr [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
www4.smartadserver.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
click.eyk.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
oasc-eu1.247realmedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.solocpm.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
track.prd1.netshelter.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
adserver.zonemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
adserver.zonemedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.virginmedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adviva.net [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
oasc-eu1.247realmedia.com [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\JENNIFER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Still blue screening on normal, as I forgot to boot up in safe mode.


----------



## blues_harp28 (Jan 9, 2005)

Although Malwarebytes and Superantispyware have removed some malware - there may be others present that need specialised tools to remove them.
Also, the fact that Avast has been disabled is not a good sign.

All of this may be stopping your system from booting in normal mode and we need to make sure that your system is clean.

I am asking for your post to be moved to the Virus & Other Malware Removal Forum for expert help.

They are always busy and it may take some time before they can help you.


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------
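The DDS.txt log requested in the post above is plain text split into `=====`-delimited sections. As an added example (not part of the original thread and not part of DDS), the Python script below parses that layout and pulls out three things a reviewer typically reads first: security products reported as disabled, entries that point at "No File", and `.sys` files created under the drivers folder in the last 30 days. The sample log is constructed, and the flagging rules are this example's assumptions for triage, not malware verdicts.

```python
import re

# Constructed sample in the layout DDS.txt uses; every name, GUID and path is made up.
SAMPLE_DDS = r"""
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Run by ExampleUser at 16:30:17 on 2012-04-13
.
AV: Example AV *Disabled/Updated* {11111111-1111-1111-1111-111111111111}
SP: Example Defender *Enabled/Updated* {22222222-2222-2222-2222-222222222222}
FW: Example Firewall *Disabled* {33333333-3333-3333-3333-333333333333}
.
============== Pseudo HJT Report ===============
.
BHO: Example Helper: {44444444-4444-4444-4444-444444444444} - c:\program files\example\helper.dll
BHO: {55555555-5555-5555-5555-555555555555} - No File
mRun: [ExampleTray] c:\windows\system32\exampletray.exe
.
=============== Created Last 30 ================
.
2012-04-13 12:57:15 54016 ----a-w- c:\windows\system32\drivers\exmplrnd.sys
2012-04-13 12:45:32 -------- d-----w- c:\program files\ExampleTool
2012-04-03 08:51:19 41184 ----a-w- c:\windows\example.scr
.
============= FINISH: 16:33:59.56 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")             # "===== Name ====="
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")  # "AV: name *state*"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (\d+|-+) (\S+) (.+)$"
)                                                          # date time size attrs path
DRIVERS_DIR = "\\system32\\drivers\\"


def split_sections(text):
    """Return {section name: [lines]}; lines before the first header go to HEADER."""
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses a lone "." as a spacer
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Collect the entries worth a closer look (assumed heuristics, not verdicts)."""
    sections = split_sections(text)

    # 1. Security products whose state starts with "Disabled".
    disabled = []
    for line in sections.get("HEADER", []):
        m = PRODUCT_RE.match(line)
        if m and m.group(3).startswith("Disabled"):
            disabled.append((m.group(1), m.group(2), m.group(3)))

    # 2. Browser/autorun entries whose target file no longer exists.
    no_file = [l for l in sections.get("Pseudo HJT Report", [])
               if l.endswith("- No File")]

    # 3. Driver files (not directories) created recently under system32\drivers.
    new_drivers = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        date, size, attrs, path = m.groups()
        if attrs.startswith("d"):            # directory entry
            continue
        low = path.lower()
        if DRIVERS_DIR in low and low.endswith(".sys"):
            new_drivers.append((date, path, int(size) if size.isdigit() else None))

    return {"disabled": disabled, "no_file": no_file, "new_drivers": new_drivers}


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(category)
        for item in items:
            print("   ", item)
```

A recently created driver is often legitimate (scanners and antivirus updates drop their own), so each hit is a prompt to check the file's origin rather than a finding.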



## jen13007 (Apr 12, 2012)

Hi. Thanks for your reply and help.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_29
Run by Jennifer at 16:30:17 on 2012-04-13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.953.390 [GMT 1:00]
.
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.virginmedia.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [eRecoveryService] 
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UIExec] "c:\program files\t-mobile mobile broadband manager\UIExec.exe"
mRun: [Skytel] Skytel.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
StartupFolder: c:\users\jennifer\appdata\roaming\micros~1\windows\startm~1\programs\startup\autobahn.lnk - c:\users\jennifer\appdata\local\autobahn\autobahn.exe
StartupFolder: c:\users\jennifer\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: motive.com\pbttbc.bt
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{82712210-6590-4A59-B481-21504CF4421B} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jennifer\appdata\roaming\mozilla\firefox\profiles\gctjlzt8.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-7-8 27632]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-3 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-12 337880]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-12 20696]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-12 57688]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-3 44768]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2008-10-21 24576]
S2 gupdate1c9d0fe7d75d678;Google Update Service (gupdate1c9d0fe7d75d678);c:\program files\google\update\GoogleUpdate.exe [2009-5-10 133104]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\supserv.exe --> c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [?]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-8-12 87040]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-16 2337144]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
S2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile mobile broadband manager\AssistantServices.exe [2009-12-10 241664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-7-8 13224]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-28 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-10 133104]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-12-10 9728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-28 22344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [2007-5-14 508288]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-7-8 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-7-8 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-7-8 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-7-8 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-7-8 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-7-8 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-7-8 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-4-17 150528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-28 654408]
.
=============== Created Last 30 ================
.
2012-04-13 12:57:15 54016 ----a-w- c:\windows\system32\drivers\gaacorgv.sys
2012-04-13 12:46:20 -------- d-----w- c:\users\jennifer\appdata\roaming\SUPERAntiSpyware.com
2012-04-13 12:45:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-13 12:45:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-13 12:06:13 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-13 12:06:13 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 08:50:07 -------- d-----w- c:\programdata\IObit
2012-04-13 08:49:11 -------- d-----w- c:\users\jennifer\appdata\roaming\IObit
2012-04-13 08:49:05 -------- d-----w- c:\program files\IObit
2012-04-03 08:54:19 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-03 08:51:19 41184 ----a-w- c:\windows\avastSS.scr
2012-04-03 08:50:50 -------- d-----w- c:\program files\AVAST Software
2012-04-03 08:50:14 -------- d-----w- c:\programdata\AVAST Software
2012-03-15 19:17:13 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-15 19:17:13 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 16:33:59.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic 
Boot Device: \Device\HarddiskVolume2
Install Date: 21/10/2008 18:13:55
System Uptime: 13/04/2012 14:16:09 (2 hours ago)
.
Motherboard: eMachines | | E520 
Processor: Genuine Intel(R) CPU 575 @ 2.00GHz | uPGA-478 | 1995/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 65.28 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Agatha Christie Death on the Nile
Alice Greenfingers
ALPS Touch Pad Driver
Amazing Adventures The Lost Tomb
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
µTorrent
Avanquest update
avast! Free Antivirus
Azada
BBC iPlayer Desktop
Bejeweled 2 Deluxe
Bonjour
Bookworm Deluxe
Bricks of Egypt
Build-a-lot
Cake Mania
Chuzzle
Compatibility Pack for the 2007 Office system
Diner Dash
DivX Web Player
Dream Day First Home
eMachines
eMachines Recovery Management
eMachines ScreenSaver
Farm Frenzy
FreeMind
Galapago
GearDrvs
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graboid Video 1.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD 8
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Launch Manager
LG PC Suite II
LG USB Modem driver
LightScribe 1.4.142.1
LimeWire 5.2.13
Logitech Vid
Logitech Webcam Software
Luxor
Mahjong Escape Ancient China
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla ActiveX Control v1.7.12
Mozilla Firefox 11.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Safari
Samsung USB Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Click to Call
Skype™ 5.5
Sony Ericsson PC Companion 2.01.173
Spotify
T-Mobile Mobile Broadband Manager
TeamViewer 6
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Trust WB-1400T Webcam
Turbo Pizza
TweetDeck
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Service
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6d
Vuze
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Xvid Video Codec
Yahoo! Detect
Zuma Deluxe
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-13 18:30:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: 36ov6lyn.exe; Driver: C:\Users\Jennifer\AppData\Local\Temp\pxddrkog.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Jennifer\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74D07817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74D5A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74D0BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74CFF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74D075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74CFE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74D38395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74D0DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74CFFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74CFFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74CF71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74D8CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74D2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74CFD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74CF6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74CF687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74D02AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\[email protected] 640

---- EOF - GMER 1.0.15 ----

Again, thanks for your help.


----------



## jen13007 (Apr 12, 2012)

Just to update, I've uninstalled Vuze, uTorrent, and LimeWire. I'm assuming these are from when my ex had access to my laptop.


----------



## Cookiegal (Aug 27, 2003)

Yes, it's good to uninstall those programs.

Please visit *ComboFix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## jen13007 (Apr 12, 2012)

Excuse my stupidity, but have I run a HijackThis yet? I thought I ran DDS and GMER?
Where can I find a HijackThis download? (I did google, but don't trust ones from sites you won't recommend)


Never mind. Found it. (As I posted in another forum, I never read the instructions before you're supposed to post)


----------



## Cookiegal (Aug 27, 2003)

Sorry, please disregard that part of the instructions. I meant to edit it out.


----------



## jen13007 (Apr 12, 2012)

Okay Doke. Shall reply once I've done combofix.


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## jen13007 (Apr 12, 2012)

I've accidentally downloaded twice, and it won't let me save as. It comes up 'save as a binary file' or 'cancel'.

I also can't seem to uninstall, following the steps specified in the page you linked me to.

Sorry.


----------



## Cookiegal (Aug 27, 2003)

What browser are you using?


----------



## jen13007 (Apr 12, 2012)

Firefox.


----------



## jen13007 (Apr 12, 2012)

Will I still be able to run, even though there are two copies on the system?


----------



## Cookiegal (Aug 27, 2003)

I thought you said you couldn't save it?


----------



## jen13007 (Apr 12, 2012)

I saved it, but couldn't 'save as'... so I couldn't rename to puppy.exe


----------



## Cookiegal (Aug 27, 2003)

I assume the second one had a number inserted in the name or it would have just overwritten the first one. If you do have two then just drag one to the Recycle Bin and run the other.


----------



## jen13007 (Apr 12, 2012)

That took a bit of trying, then I panicked when my net wouldn't work. Rebooted, still blue screening in normal mode. In safe mode with networking again.

ComboFix 12-04-13.01 - Jennifer 14/04/2012 0:27.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.953.267 [GMT 1:00]
Running from: c:\users\Jennifer\Downloads\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jennifer\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 23:39 . 2012-04-13 23:40 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2012-04-13 23:39 . 2012-04-13 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 22:19 . 2012-03-12 13:27 143360 ----a-w- c:\program files\Mozilla Firefox\BabyFox.dll
2012-04-13 22:19 . 2012-04-13 22:19 -------- d-----w- c:\program files\Babylon
2012-04-13 12:57 . 2012-04-13 12:57 54016 ----a-w- c:\windows\system32\drivers\gaacorgv.sys
2012-04-13 12:46 . 2012-04-13 12:46 -------- d-----w- c:\users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2012-04-13 12:45 . 2012-04-13 12:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-13 12:45 . 2012-04-13 12:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-13 12:06 . 2011-12-16 16:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-13 12:06 . 2010-11-26 17:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 08:50 . 2012-04-13 12:07 -------- d-----w- c:\programdata\IObit
2012-04-13 08:49 . 2012-04-13 21:26 -------- d-----w- c:\users\Jennifer\AppData\Roaming\IObit
2012-04-13 08:49 . 2012-04-13 22:41 -------- d-----w- c:\program files\IObit
2012-04-03 08:54 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-03 08:51 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-03 08:50 . 2012-04-03 08:50 -------- d-----w- c:\program files\AVAST Software
2012-04-03 08:50 . 2012-04-03 08:50 -------- d-----w- c:\programdata\AVAST Software
2012-03-15 19:17 . 2012-03-15 19:17 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-15 19:17 . 2012-03-15 19:17 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 14:56 . 2011-03-28 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2009-08-12 18:47 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2009-08-12 18:47 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-08-12 18:47 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-08-12 18:47 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-08-12 18:47 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2009-08-12 18:47 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-15 19:17 . 2011-03-28 19:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-09-04 18:57 . 2010-09-04 18:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 68856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"UIExec"="c:\program files\T-Mobile Mobile Broadband Manager\UIExec.exe" [2009-07-16 132608]
"Skytel"="Skytel.exe" [2008-06-27 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
.
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
autobahn.lnk - c:\users\Jennifer\AppData\Local\Autobahn\autobahn.exe [2009-4-2 710360]
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-4-1 142848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - PXDDRKOG
*Deregistered* - BMLoad
*Deregistered* - pxddrkog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 23:32]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: motive.com\pbttbc.bt
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\gctjlzt8.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-14 00:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
Completion time: 2012-04-14 00:48:21
ComboFix-quarantined-files.txt 2012-04-13 23:48
.
Pre-Run: 74,101,116,928 bytes free
Post-Run: 74,518,753,280 bytes free
.
- - End Of File - - 1FB28C1E33D1FF769B031D722532E08C


----------



## jen13007 (Apr 12, 2012)

The Babylon file was me trying to find a dump reader; of course, the download actually was this (a translation programme), uninstalled and deleted once I realised. SUPERAntiSpyware/IObit and its components were also uninstalled and deleted earlier, upon advice of yourself or the previous helper.


----------



## Cookiegal (Aug 27, 2003)

Please go to *VirusTotal* and upload the following file for scanning.

Click *Browse*
Copy and paste the contents of the following code box into the text box next to *File name:* then click *Open* 

```
c:\windows\system32\drivers\gaacorgv.sys
```

Click *Send File*
If confronted with two options, choose *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------



## jen13007 (Apr 12, 2012)

https://www.virustotal.com/file/3da...6f748219e1d0c8f2389ba516/analysis/1334365491/


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## jen13007 (Apr 12, 2012)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-14 02:13:30
-----------------------------
02:13:30.075 OS Version: Windows 6.0.6002 Service Pack 2
02:13:30.075 Number of processors: 1 586 0xF0D
02:13:30.076 ComputerName: JENNIFER-PC UserName: Jennifer
02:13:31.342 Initialize success
02:13:32.892 AVAST engine defs: 12041100
02:14:02.076 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:14:02.078 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
02:14:02.102 Disk 0 MBR read successfully
02:14:02.103 Disk 0 MBR scan
02:14:02.754 Disk 0 unknown MBR code
02:14:02.768 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
02:14:03.469 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142381 MB offset 20981760
02:14:03.531 Disk 0 scanning sectors +312578048
02:14:04.117 Disk 0 scanning C:\Windows\system32\drivers
02:14:26.910 Service scanning
02:14:54.815 Service Sony Ericsson PCCompanion C:\Program **HIDDEN**
02:14:57.605 Service TomTomHOMEService C:\Program **HIDDEN**
02:15:04.797 Modules scanning
02:15:13.606 Disk 0 trace - called modules:
02:15:13.641 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS usbhub.sys 
02:15:13.645 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84589ac8]
02:15:13.649 3 CLASSPNP.SYS[863a88b3] -> nt!IofCallDriver -> [0x83ad7898]
02:15:13.653 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83ae5b98]
02:15:14.291 AVAST engine scan C:\Windows
02:15:18.236 AVAST engine scan C:\Windows\system32
02:17:54.893 AVAST engine scan C:\Windows\system32\drivers
02:18:11.970 AVAST engine scan C:\Users\Jennifer
02:34:41.878 AVAST engine scan C:\ProgramData
02:37:38.518 Scan finished successfully
08:22:25.581 Disk 0 MBR has been saved successfully to "C:\Users\Jennifer\Desktop\MBR.dat"
08:22:25.585 The log file has been saved successfully to "C:\Users\Jennifer\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Please go here and download the *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## jen13007 (Apr 12, 2012)

20:57:43.0391 1708 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:57:43.0653 1708 ============================================================
20:57:43.0653 1708 Current date / time: 2012/04/14 20:57:43.0653
20:57:43.0653 1708 SystemInfo:
20:57:43.0653 1708 
20:57:43.0653 1708 OS Version: 6.0.6002 ServicePack: 2.0
20:57:43.0653 1708 Product type: Workstation
20:57:43.0653 1708 ComputerName: JENNIFER-PC
20:57:43.0654 1708 UserName: Jennifer
20:57:43.0654 1708 Windows directory: C:\Windows
20:57:43.0654 1708 System windows directory: C:\Windows
20:57:43.0654 1708 Processor architecture: Intel x86
20:57:43.0654 1708 Number of processors: 1
20:57:43.0654 1708 Page size: 0x1000
20:57:43.0654 1708 Boot type: Safe boot with network
20:57:43.0654 1708 ============================================================
20:57:44.0379 1708 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:57:44.0397 1708 \Device\Harddisk0\DR0:
20:57:44.0424 1708 MBR used
20:57:44.0424 1708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x11616800
20:57:44.0504 1708 Initialize success
20:57:44.0504 1708 ============================================================
20:57:46.0997 1676 ============================================================
20:57:46.0997 1676 Scan started
20:57:46.0997 1676 Mode: Manual; 
20:57:46.0997 1676 ============================================================
20:57:54.0372 1676 Browser - ok
20:57:54.0487 1676 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:57:54.0490 1676 Brserid - ok
20:57:54.0634 1676 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:57:54.0637 1676 BrSerWdm - ok
20:57:54.0755 1676 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:57:54.0756 1676 BrUsbMdm - ok
20:57:54.0856 1676 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:57:54.0858 1676 BrUsbSer - ok
20:57:54.0966 1676 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:57:54.0969 1676 BTHMODEM - ok
20:57:55.0095 1676 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
20:57:55.0098 1676 BUNAgentSvc - ok
20:57:55.0273 1676 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:57:55.0275 1676 cdfs - ok
20:57:55.0445 1676 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:57:55.0447 1676 cdrom - ok
20:57:55.0588 1676 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:57:55.0590 1676 CertPropSvc - ok
20:57:55.0661 1676 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:57:55.0663 1676 circlass - ok
20:57:55.0742 1676 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:57:55.0747 1676 CLFS - ok
20:57:55.0841 1676 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:57:55.0848 1676 clr_optimization_v2.0.50727_32 - ok
20:57:55.0995 1676 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:57:56.0002 1676 clr_optimization_v4.0.30319_32 - ok
20:57:56.0149 1676 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:57:56.0151 1676 CmBatt - ok
20:57:56.0188 1676 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:57:56.0190 1676 cmdide - ok
20:57:56.0340 1676 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:57:56.0342 1676 Compbatt - ok
20:57:56.0358 1676 COMSysApp - ok
20:57:56.0464 1676 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:57:56.0483 1676 crcdisk - ok
20:57:56.0816 1676 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:57:56.0818 1676 Crusoe - ok
20:57:56.0911 1676 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:57:56.0914 1676 CryptSvc - ok
20:57:57.0069 1676 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:57:57.0101 1676 DcomLaunch - ok
20:57:57.0185 1676 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
20:57:57.0187 1676 DfsC - ok
20:57:57.0380 1676 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:57:57.0479 1676 DFSR - ok
20:57:57.0632 1676 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:57:57.0637 1676 Dhcp - ok
20:57:57.0770 1676 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:57:57.0772 1676 disk - ok
20:57:57.0958 1676 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:57:57.0959 1676 DKbFltr - ok
20:57:58.0051 1676 Dnscache (30a08728740e71947ae1e073b5ce69b4) C:\Windows\System32\dnsrslvr.dll
20:57:58.0053 1676 Dnscache - ok
20:57:58.0165 1676 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:57:58.0169 1676 dot3svc - ok
20:57:58.0250 1676 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:57:58.0253 1676 DPS - ok
20:57:58.0363 1676 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
20:57:58.0365 1676 DritekPortIO - ok
20:57:58.0489 1676 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:57:58.0491 1676 drmkaud - ok
20:57:58.0603 1676 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
20:57:58.0616 1676 DXGKrnl - ok
20:57:58.0758 1676 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:57:58.0769 1676 E1G60 - ok
20:57:58.0841 1676 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:57:58.0843 1676 EapHost - ok
20:57:59.0009 1676 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:57:59.0025 1676 Ecache - ok
20:57:59.0213 1676 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:57:59.0220 1676 elxstor - ok
20:57:59.0368 1676 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:57:59.0379 1676 EMDMgmt - ok
20:57:59.0522 1676 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:57:59.0523 1676 ErrDev - ok
20:57:59.0652 1676 ETService (4d06d9a26227ac485305133916888df1) C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
20:57:59.0654 1676 ETService - ok
20:57:59.0771 1676 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:57:59.0777 1676 EventSystem - ok
20:57:59.0906 1676 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:57:59.0910 1676 exfat - ok
20:58:00.0017 1676 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:58:00.0021 1676 fastfat - ok
20:58:00.0150 1676 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:58:00.0152 1676 fdc - ok
20:58:00.0228 1676 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:58:00.0230 1676 fdPHost - ok
20:58:00.0344 1676 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:58:00.0346 1676 FDResPub - ok
20:58:00.0443 1676 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:58:00.0445 1676 FileInfo - ok
20:58:00.0492 1676 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:58:00.0495 1676 Filetrace - ok
20:58:00.0554 1676 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:58:00.0555 1676 flpydisk - ok
20:58:00.0704 1676 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:58:00.0708 1676 FltMgr - ok
20:58:00.0839 1676 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:58:00.0841 1676 FontCache3.0.0.0 - ok
20:58:00.0952 1676 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:58:00.0953 1676 Fs_Rec - ok
20:58:01.0050 1676 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:58:01.0052 1676 gagp30kx - ok
20:58:01.0180 1676 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
20:58:01.0181 1676 GEARAspiWDM - ok
20:58:01.0359 1676 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
20:58:01.0361 1676 ggflt - ok
20:58:01.0528 1676 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
20:58:01.0530 1676 ggsemc - ok
20:58:01.0676 1676 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:58:01.0679 1676 GoogleDesktopManager-051210-111108 - ok
20:58:01.0788 1676 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:58:01.0801 1676 gpsvc - ok
20:58:01.0968 1676 gupdate1c9d0fe7d75d678 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:58:01.0972 1676 gupdate1c9d0fe7d75d678 - ok
20:58:02.0002 1676 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:58:02.0003 1676 gupdatem - ok
20:58:02.0104 1676 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:58:02.0109 1676 gusvc - ok
20:58:02.0287 1676 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:58:02.0293 1676 HdAudAddService - ok
20:58:02.0462 1676 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:58:02.0472 1676 HDAudBus - ok
20:58:02.0616 1676 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:58:02.0617 1676 HidBth - ok
20:58:02.0662 1676 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:58:02.0664 1676 HidIr - ok
20:58:02.0775 1676 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:58:02.0777 1676 hidserv - ok
20:58:02.0889 1676 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:58:02.0890 1676 HidUsb - ok
20:58:02.0959 1676 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:58:02.0963 1676 hkmsvc - ok
20:58:03.0108 1676 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:58:03.0110 1676 HpCISSs - ok
20:58:03.0232 1676 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:58:03.0252 1676 HSFHWAZL - ok
20:58:03.0399 1676 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:58:03.0419 1676 HSF_DPV - ok
20:58:03.0575 1676 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:58:03.0577 1676 HTCAND32 - ok
20:58:03.0761 1676 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
20:58:03.0763 1676 htcnprot - ok
20:58:03.0918 1676 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
20:58:03.0927 1676 HTTP - ok
20:58:04.0059 1676 hwdatacard - ok
20:58:04.0141 1676 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:58:04.0143 1676 i2omp - ok
20:58:04.0312 1676 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:58:04.0313 1676 i8042prt - ok
20:58:04.0360 1676 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:58:04.0366 1676 iaStorV - ok
20:58:04.0531 1676 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:58:04.0550 1676 idsvc - ok
20:58:04.0747 1676 igfx (0627fc0c422cd6e0f23e1b0d1d9f0899) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:58:04.0857 1676 igfx - ok
20:58:05.0007 1676 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:58:05.0009 1676 iirsp - ok
20:58:05.0074 1676 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:58:05.0083 1676 IKEEXT - ok
20:58:05.0241 1676 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
20:58:05.0243 1676 int15 - ok
20:58:05.0470 1676 IntcAzAudAddService (cf2219a2fed4f8f2e0817a2bf1658799) C:\Windows\system32\drivers\RTKVHDA.sys
20:58:05.0534 1676 IntcAzAudAddService - ok
20:58:05.0675 1676 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:58:05.0677 1676 intelide - ok
20:58:05.0758 1676 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:58:05.0760 1676 intelppm - ok
20:58:05.0872 1676 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:58:05.0883 1676 IPBusEnum - ok
20:58:05.0976 1676 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:58:05.0978 1676 IpFilterDriver - ok
20:58:06.0039 1676 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:58:06.0044 1676 iphlpsvc - ok
20:58:06.0159 1676 IpInIp - ok
20:58:06.0225 1676 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:58:06.0228 1676 IPMIDRV - ok
20:58:06.0369 1676 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:58:06.0371 1676 IPNAT - ok
20:58:06.0509 1676 iPod Service (6e0faea90e71c5f1b9f3bc71b4cca2fa) C:\Program Files\iPod\bin\iPodService.exe
20:58:06.0521 1676 iPod Service - ok
20:58:06.0641 1676 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:58:06.0643 1676 IRENUM - ok
20:58:06.0698 1676 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:58:06.0700 1676 isapnp - ok
20:58:06.0881 1676 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:58:06.0883 1676 iScsiPrt - ok
20:58:06.0967 1676 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:58:06.0968 1676 iteatapi - ok
20:58:07.0115 1676 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:58:07.0117 1676 iteraid - ok
20:58:07.0245 1676 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:58:07.0257 1676 IviRegMgr - ok
20:58:07.0380 1676 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:58:07.0381 1676 kbdclass - ok
20:58:07.0472 1676 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:58:07.0474 1676 kbdhid - ok
20:58:07.0574 1676 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:58:07.0576 1676 KeyIso - ok
20:58:07.0671 1676 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:58:07.0693 1676 KSecDD - ok
20:58:07.0834 1676 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:58:07.0843 1676 KtmRm - ok
20:58:07.0947 1676 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:58:07.0955 1676 LanmanServer - ok
20:58:08.0075 1676 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:58:08.0080 1676 LanmanWorkstation - ok
20:58:08.0194 1676 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:58:08.0197 1676 LightScribeService - ok
20:58:08.0349 1676 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:58:08.0351 1676 lltdio - ok
20:58:08.0413 1676 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:58:08.0418 1676 lltdsvc - ok
20:58:08.0531 1676 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:58:08.0533 1676 lmhosts - ok
20:58:08.0627 1676 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:58:08.0630 1676 LSI_FC - ok
20:58:08.0669 1676 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:58:08.0672 1676 LSI_SAS - ok
20:58:08.0802 1676 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:58:08.0805 1676 LSI_SCSI - ok
20:58:08.0967 1676 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:58:08.0969 1676 luafv - ok
20:58:09.0035 1676 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
20:58:09.0037 1676 LVPr2Mon - ok
20:58:09.0170 1676 LVPrcSrv (5c7b88695ce461d8bda4fe0c0e57e71d) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
20:58:09.0175 1676 LVPrcSrv - ok
20:58:09.0329 1676 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys
20:58:09.0330 1676 massfilter - ok
20:58:09.0503 1676 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
20:58:09.0505 1676 MBAMProtector - ok
20:58:09.0635 1676 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:58:09.0649 1676 MBAMService - ok
20:58:09.0754 1676 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:58:09.0760 1676 McComponentHostService - ok
20:58:09.0956 1676 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:58:09.0959 1676 megasas - ok
20:58:10.0051 1676 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:58:10.0067 1676 MegaSR - ok
20:58:10.0171 1676 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:58:10.0174 1676 MMCSS - ok
20:58:10.0263 1676 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:58:10.0265 1676 Modem - ok
20:58:10.0298 1676 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:58:10.0300 1676 monitor - ok
20:58:10.0503 1676 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:58:10.0504 1676 mouclass - ok
20:58:10.0625 1676 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:58:10.0626 1676 mouhid - ok
20:58:10.0688 1676 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:58:10.0695 1676 MountMgr - ok
20:58:11.0161 1676 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:58:11.0185 1676 mpio - ok
20:58:11.0336 1676 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:58:11.0353 1676 mpsdrv - ok
20:58:11.0487 1676 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:58:11.0505 1676 MpsSvc - ok
20:58:11.0600 1676 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:58:11.0602 1676 Mraid35x - ok
20:58:11.0671 1676 MREMP50 - ok
20:58:11.0690 1676 MREMP50a64 - ok
20:58:11.0700 1676 MREMPR5 - ok
20:58:11.0710 1676 MRENDIS5 - ok
20:58:11.0736 1676 MRESP50 - ok
20:58:11.0755 1676 MRESP50a64 - ok
20:58:11.0904 1676 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:58:11.0908 1676 MRxDAV - ok
20:58:12.0017 1676 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:58:12.0020 1676 mrxsmb - ok
20:58:12.0122 1676 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:58:12.0126 1676 mrxsmb10 - ok
20:58:12.0282 1676 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:58:12.0288 1676 mrxsmb20 - ok
20:58:12.0395 1676 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
20:58:12.0396 1676 msahci - ok
20:58:12.0523 1676 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:58:12.0525 1676 msdsm - ok
20:58:12.0621 1676 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:58:12.0625 1676 MSDTC - ok
20:58:12.0753 1676 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:58:12.0754 1676 Msfs - ok
20:58:12.0931 1676 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:58:12.0933 1676 msisadrv - ok
20:58:13.0002 1676 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:58:13.0006 1676 MSiSCSI - ok
20:58:13.0080 1676 msiserver - ok
20:58:13.0252 1676 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:58:13.0254 1676 MSKSSRV - ok
20:58:13.0309 1676 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:58:13.0311 1676 MSPCLOCK - ok
20:58:13.0457 1676 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:58:13.0459 1676 MSPQM - ok
20:58:13.0621 1676 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:58:13.0626 1676 MsRPC - ok
20:58:13.0794 1676 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:58:13.0795 1676 mssmbios - ok
20:58:13.0867 1676 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:58:13.0868 1676 MSTEE - ok
20:58:14.0016 1676 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:58:14.0018 1676 Mup - ok
20:58:14.0144 1676 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:58:14.0151 1676 napagent - ok
20:58:14.0295 1676 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:58:14.0307 1676 NativeWifiP - ok
20:58:14.0469 1676 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:58:14.0480 1676 NDIS - ok
20:58:14.0645 1676 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:58:14.0647 1676 NdisTapi - ok
20:58:14.0805 1676 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:58:14.0806 1676 Ndisuio - ok
20:58:14.0992 1676 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:58:14.0994 1676 NdisWan - ok
20:58:15.0162 1676 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:58:15.0164 1676 NDProxy - ok
20:58:15.0310 1676 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:58:15.0311 1676 NetBIOS - ok
20:58:15.0370 1676 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:58:15.0373 1676 netbt - ok
20:58:15.0496 1676 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:58:15.0497 1676 Netlogon - ok
20:58:15.0593 1676 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:58:15.0600 1676 Netman - ok
20:58:15.0720 1676 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:58:15.0726 1676 netprofm - ok
20:58:15.0829 1676 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:58:15.0832 1676 NetTcpPortSharing - ok
20:58:15.0915 1676 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:58:15.0917 1676 nfrd960 - ok
20:58:16.0023 1676 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:58:16.0029 1676 NlaSvc - ok
20:58:16.0138 1676 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:58:16.0139 1676 Npfs - ok
20:58:16.0190 1676 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:58:16.0192 1676 nsi - ok
20:58:16.0320 1676 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:58:16.0321 1676 nsiproxy - ok
20:58:16.0502 1676 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:58:16.0524 1676 Ntfs - ok
20:58:16.0628 1676 NTIBackupSvc (cb76f68ba0d57c5d25b538981b1c611c) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:58:16.0630 1676 NTIBackupSvc - ok
20:58:16.0825 1676 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
20:58:16.0826 1676 NTIDrvr - ok
20:58:17.0068 1676 NTISchedulerSvc (df1c10a75df7e50195fc417f88a33227) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:58:17.0091 1676 NTISchedulerSvc - ok
20:58:17.0292 1676 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:58:17.0303 1676  ntrigdigi - ok
20:58:17.0342 1676 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:58:17.0343 1676 Null - ok
20:58:17.0497 1676 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:58:17.0501 1676 nvraid - ok
20:58:17.0658 1676 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:58:17.0660 1676 nvstor - ok
20:58:17.0807 1676 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:58:17.0811 1676 nv_agp - ok
20:58:17.0928 1676 NwlnkFlt - ok
20:58:17.0954 1676 NwlnkFwd - ok
20:58:18.0080 1676 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:58:18.0091 1676 odserv - ok
20:58:18.0235 1676 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:58:18.0238 1676 ohci1394 - ok
20:58:18.0370 1676 OMSI download service - ok
20:58:18.0458 1676 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:58:18.0462 1676 ose - ok
20:58:18.0579 1676 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:58:18.0592 1676 p2pimsvc - ok
20:58:18.0621 1676 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:58:18.0628 1676 p2psvc - ok
20:58:18.0773 1676 PAC207 (54183d1ec4a8658bbacb31acd0c8f6df) C:\Windows\system32\DRIVERS\PFC027.SYS
20:58:18.0784 1676 PAC207 - ok
20:58:18.0926 1676 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:58:18.0929 1676 Parport - ok
20:58:19.0092 1676 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:58:19.0094 1676 partmgr - ok
20:58:19.0207 1676 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:58:19.0209 1676 Parvdm - ok
20:58:19.0319 1676 PassThru Service (68139940b5ac84affb7eb1b713be66e7) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
20:58:19.0322 1676 PassThru Service - ok
20:58:19.0400 1676 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:58:19.0407 1676 PcaSvc - ok
20:58:19.0534 1676 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:58:19.0546 1676 pci - ok
20:58:19.0610 1676 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:58:19.0612 1676 pciide - ok
20:58:19.0718 1676 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:58:19.0722 1676 pcmcia - ok
20:58:19.0952 1676 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:58:19.0974 1676 PEAUTH - ok
20:58:20.0158 1676 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\Windows\system32\DRIVERS\LV561AV.SYS
20:58:20.0176 1676 PID_0928 - ok
20:58:20.0347 1676 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:58:20.0378 1676 pla - ok
20:58:20.0506 1676 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:58:20.0512 1676 PlugPlay - ok
20:58:20.0609 1676 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:58:20.0616 1676 PNRPAutoReg - ok
20:58:20.0645 1676 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:58:20.0652 1676 PNRPsvc - ok
20:58:20.0795 1676 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:58:20.0804 1676 PolicyAgent - ok
20:58:20.0959 1676 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:58:20.0961 1676 PptpMiniport - ok
20:58:21.0029 1676 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:58:21.0032 1676 Processor - ok
20:58:21.0155 1676 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:58:21.0160 1676 ProfSvc - ok
20:58:21.0284 1676 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:58:21.0294 1676 ProtectedStorage - ok
20:58:21.0449 1676 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:58:21.0451 1676 PSched - ok
20:58:21.0647 1676 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:58:21.0670 1676 ql2300 - ok
20:58:21.0821 1676 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:58:21.0824 1676 ql40xx - ok
20:58:21.0940 1676 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:58:21.0947 1676 QWAVE - ok
20:58:22.0049 1676 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:58:22.0051 1676 QWAVEdrv - ok
20:58:46.0592 1676 ============================================================
20:58:46.0592 1676 Scan finished
20:58:46.0592 1676 ============================================================
20:58:46.0603 1536 Detected object count: 0
20:58:46.0603 1536 Actual detected object count: 0


----------



## Cookiegal (Aug 27, 2003)

Are you still having problems with the computer?


----------



## jen13007 (Apr 12, 2012)

Yes, It's still blue screening in normal mode.


----------



## Cookiegal (Aug 27, 2003)

Go to Start and type Event Viewer in the Search box. Then, in the results double-click Event Viewer.

Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## jen13007 (Apr 12, 2012)

It's not letting me view either, and comes up the following error:

'Event viewer cannot open the event log or custom view. Verify that Event log service is running. The request is not supported (50).'

Edit:

It's actually doing it for all options in Event Viewer.


----------



## Cookiegal (Aug 27, 2003)

Is there a minidump file created at this location (the x's would be the date)?

C:\WINDOWS\Minidump\Minixxxxxx-01.dmp


----------



## jen13007 (Apr 12, 2012)

Nope, nothing in minidump.


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors)
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## jen13007 (Apr 12, 2012)

Attached ots log.


----------



## Cookiegal (Aug 27, 2003)

I'm still suspicious of this file:

gaacorgv.sys

So I'd like you to follow the instructions to upload it to a colleague's site to be examined closer.

Go to the forum *here* and upload this (these) file(s):

*c:\windows\system32\drivers\gaacorgv.sys*

Here are the directions for uploading the file:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.

Then please go to the link below and follow the instructions to change the setting for the paging file.

http://www.vistax64.com/tutorials/132201-virtual-memory-paging-file-change.html

Please check the *Automatically manage paging file size for all drives* box as shown in no. 9 there. This may enable minidumps as it appears the paging file is not large enough to create them.

Please reboot after making that change.

Also, please visit the link below and follow the instructions to clear the Event Viewer. Sometimes this is all that's needed to clear out corruption and it may start logging events again.

http://technet.microsoft.com/en-us/library/cc722318.aspx

After doing that, if you suffer a blue screen at any point please check to see if a minidump file was created and if any errors were generated in the Event Viewer.

Finally, please do the following:

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{687578b9-7132-4a7a-80e4-30ee31099e03}" [HKLM] -> [uTorrentControl2 Toolbar]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {687578b9-7132-4a7a-80e4-30ee31099e03} [HKLM] -> [uTorrentControl2 Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{687578b9-7132-4a7a-80e4-30ee31099e03}" [HKLM] -> [uTorrentControl2 Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "eRecoveryService" -> []
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "TomTomHOME.exe" -> ["C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"]
[Files/Folders - Created Within 30 Days]
NY ->  2 C:\Users\Jennifer\Desktop\*.tmp files -> C:\Users\Jennifer\Desktop\*.tmp
NY ->  2 C:\Users\Jennifer\AppData\Local\*.tmp files -> C:\Users\Jennifer\AppData\Local\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  2 C:\Users\Jennifer\Desktop\*.tmp files -> C:\Users\Jennifer\Desktop\*.tmp
NY ->  2 C:\Users\Jennifer\AppData\Local\*.tmp files -> C:\Users\Jennifer\AppData\Local\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC
NY -> @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728
NY -> @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9E22BBE8
NY -> @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
NY -> @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA
NY -> @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
NY -> @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54
NY -> @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4D066AD2
NY -> @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7
NY -> @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B623B5B8
NY -> @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:580E04D8
NY -> @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:793F316E
NY -> @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF5C4195
NY -> @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25
NY -> @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
NY -> @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A696643D
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## dvk01 (Dec 14, 2002)

c:\windows\system32\drivers\gaacorgv.sys

is part of MBAM so legitimate & safe to leave on the computer, probably the avenger driver being used to remove a rootkit


----------



## jen13007 (Apr 12, 2012)

Carried out the file upload, and changing of paging. 

However when I went to Event Viewer, it came up the following error: 

'Event Viewer could not clear the log. The following error occurred: The request is not supported.'

Ran the OTS fix, it asked to reboot... I assumed you wanted this to happen as it was in the fix coding. Clicked OK and system rebooted, but produced no log. The only log on my desktop for OTS is the previous OTS log. (OTS logfile created on: 15/04/2012 00:55:28)


----------



## jen13007 (Apr 12, 2012)

Also, I've now acquired some new files on my desktop. Some of these are my college work files .(docx) but these are dulled out.... And two files called 'desktop.ini' :

The first .ini file contains this information:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

The second .ini file contains :

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Microsoft Office - 60 Day [email protected]C:\PROGRA~1\MICROS~4\mui\oaa.dll,-103

If I try to remove any of these files to recycle bin it comes up 'Are you sure you want to move this system file to the recycle bin? If you remove this file, windows or another programme might no longer work properly.'

I won't remove these until I get the okay to do so.


----------



## Cookiegal (Aug 27, 2003)

dvk01 said:


> c:\windows\system32\drivers\gaacorgv.sys
> 
> is part of MBAM so legitimate & safe to leave on the computer, probably the avenger driver being used to remove a rootkit


Thanks Derek. No wonder there weren't any hits on it.


----------



## Cookiegal (Aug 27, 2003)

You don't want to delete those files. It's only because the file attributes were "hidden" before and now they're "unhidden".

Are you still not able to boot to Windows normally? If not, when you try, exactly what happens?


----------



## jen13007 (Apr 12, 2012)

Nope, still blue screening at normal login/password page.

I've attached a photo of the blue screen which I took with my phone. I don't really understand anything it's saying on it.

(Hoping the attachment works)

Thanks for all your time and help.


----------



## Cookiegal (Aug 27, 2003)

Is there a file called C:\Windows\MEMORY.DMP that was created on the same date as the crash?


----------



## jen13007 (Apr 12, 2012)

Nope, no file called memory.dmp in C:\Windows.


----------



## jen13007 (Apr 12, 2012)

If it helps by the way, I have team viewer installed on my computer after a friend previously helped me remotely... not sure if it's something you guys would use but at least then you could have a poke about yourself?

Only a suggestion though! 

(Out of random curiosity what time is it where you are?)


----------



## Cookiegal (Aug 27, 2003)

Memory dumps may not be enabled.

Please go to the link below and follow the instructions to enable minidumps (choose the small memory dump).

http://kb.acronis.com/content/2191

Then provoke a blue screen then reboot and see if a dump file was created in the minidump folder.


----------
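
The dump settings changed by hand in the replies above (paging file size, dump type) can be read back in one pass, together with a check for existing dump files. This is an added example, not part of the thread and not taken from any tool mentioned in it; it assumes Windows PowerShell (where `Get-WmiObject` exists) run from an elevated prompt, and it only reads settings.

```powershell
# Added example (not from the thread). Read-only: reports the crash-dump
# configuration and whether any dump files exist. Run elevated.
# Assumes Windows PowerShell, where Get-WmiObject is available.

$cc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Meaning of CrashDumpEnabled on Windows Vista.
$dumpTypes = @{
    0 = 'None (no dump is written)'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
}
$mode = [int]$cc.CrashDumpEnabled
$modeName = $dumpTypes[$mode]
if (-not $modeName) { $modeName = "unrecognised value $mode" }

# Dump locations; fall back to the Windows defaults if a value is missing.
$miniDir = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)
if (-not $miniDir) { $miniDir = Join-Path $env:SystemRoot 'Minidump' }
$fullDump = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
if (-not $fullDump) { $fullDump = Join-Path $env:SystemRoot 'MEMORY.DMP' }

# Paging file on the Windows drive: crash data is normally staged there
# before it is copied to the dump file on the next boot.
$cs = Get-WmiObject -Class Win32_ComputerSystem
$ramMB = [math]::Round($cs.TotalPhysicalMemory / 1MB)
$pageFile = Get-WmiObject -Class Win32_PageFileUsage |
    Where-Object { $_.Name -like "$($env:SystemDrive)\*" }
$pageMB = 0
if ($pageFile) {
    $pageMB = ($pageFile | Measure-Object -Property AllocatedBaseSize -Sum).Sum
}

# Collect the conditions that would explain an empty Minidump folder.
$findings = @()
if ($mode -eq 0) {
    $findings += 'Dump writing is switched off (CrashDumpEnabled = 0).'
}
if ($pageMB -eq 0) {
    $findings += "No paging file found on $($env:SystemDrive)."
} elseif ($mode -eq 3 -and $pageMB -lt 2) {
    $findings += "Paging file ($pageMB MB) is under the 2 MB a small dump needs."
} elseif ($mode -eq 1 -and $pageMB -lt ($ramMB + 1)) {
    $findings += "Paging file ($pageMB MB) is below RAM + 1 MB ($($ramMB + 1) MB) needed for a complete dump."
}

# Most recent minidumps, if the folder exists.
$recent = @()
if (Test-Path $miniDir) {
    $recent = @(Get-ChildItem -Path $miniDir -Filter '*.dmp' |
        Sort-Object LastWriteTime -Descending | Select-Object -First 5)
}

"Dump type            : $modeName"
"Minidump folder      : $miniDir (exists: $(Test-Path $miniDir))"
"Full dump file       : $fullDump (exists: $(Test-Path $fullDump))"
"Pagefile auto-managed: $($cs.AutomaticManagedPagefile)"
"Pagefile on $($env:SystemDrive)       : $pageMB MB (RAM: $ramMB MB)"
"Overwrite/AutoReboot/LogEvent: $($cc.Overwrite)/$($cc.AutoReboot)/$($cc.LogEvent)"

if ($recent.Count -gt 0) {
    'Recent minidumps:'
    $recent | ForEach-Object { "  $($_.LastWriteTime)  $($_.FullName)" }
} else {
    'Recent minidumps     : none found'
}

if ($findings.Count -gt 0) {
    'Possible reasons no dump is written:'
    $findings | ForEach-Object { "  - $_" }
} else {
    'No configuration problem found; dumps should be written on the next crash.'
}
```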



## Cookiegal (Aug 27, 2003)

jen13007 said:


> If it helps by the way, I have team viewer installed on my computer after a friend previously helped me remotely... not sure if it's something you guys would use but at least then you could have a poke about yourself?
> 
> Only a suggestion though!
> 
> (Out of random curiosity what time is it where you are?)


Sorry but we don't allow remote assistance here for the safety of our members. 

It's 11:07 a.m. here. I see you're in Scotland so there's quite a time difference.


----------



## jen13007 (Apr 12, 2012)

Cookiegal said:


> Memory dumps may not be enabled.
> 
> Please go to the link below and follow the instructions to enable minidumps (choose the small memory dump).
> 
> ...


I changed it from Kernel (sp?) to small dump.

No files in minidump folder still.

There's also nothing in live kernel reports, which is where I'd assume the logs from previous settings would go.



Cookiegal said:


> Sorry but we don't allow remote assistance here for the safety of our members.
> 
> It's 11:07 a.m. here. I see you're in Scotland so there's quite a time difference.


Ah yeah, it's half 4 in the afternoon here.
I thought as much, but it doesn't harm anyone to ask.


----------



## Cookiegal (Aug 27, 2003)

Please do an advanced search for just the following:

.dmp

and see if any files with that extension were created today.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:regfind
NtWqIVLZEWZU
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## jen13007 (Apr 12, 2012)

Cookiegal said:


> Please do an advanced search for just the following:
> 
> .dmp
> 
> and see if any files with that extension were created today.


I've found a mini dump file for 12/04/12 but says when I tried to open it that 'The item mini010212-01.dmp this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?'

This is located at :
C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows but when I clicked properties it shows C:\Windows\Minidump\Mini010212-01.dmp

There is also a file named SASMDMP4-13--13-51-6.dmp which was created on 13/4/12

This is located at : C:\Users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs

My laptop won't let me open that second one either, and sends me to a Windows website to find the software to do so, but says it doesn't recognise the file and suggests no software to open it.

I said no to the deletion.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:16 on 15/04/2012 by Jennifer
Administrator - Elevation successful

========== regfind ==========

Searching for "NtWqIVLZEWZU"
[HKEY_USERS\.DEFAULT\Software\NtWqIVLZEWZU]
[HKEY_USERS\S-1-5-18\Software\NtWqIVLZEWZU]

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

You won't be able to open dmp files. It takes special software.

Open Notepad and copy and paste the text in the code box below into it:


```
Registry::
[-HKEY_USERS\.DEFAULT\Software\NtWqIVLZEWZU]
[-HKEY_USERS\S-1-5-18\Software\NtWqIVLZEWZU]
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## jen13007 (Apr 12, 2012)

ComboFix 12-04-13.01 - Jennifer 15/04/2012 17:35:46.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.953.575 [GMT 1:00]
Running from: c:\users\Jennifer\Desktop\ComboFix.exe
Command switches used :: c:\users\Jennifer\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 16:45 . 2012-04-15 16:45	--------	d-----w-	c:\users\Jennifer\AppData\Local\temp
2012-04-15 16:45 . 2012-04-15 16:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-13 22:19 . 2012-03-12 13:27	143360	----a-w-	c:\program files\Mozilla Firefox\BabyFox.dll
2012-04-13 22:19 . 2012-04-13 22:19	--------	d-----w-	c:\program files\Babylon
2012-04-13 12:57 . 2012-04-13 12:57	54016	----a-w-	c:\windows\system32\drivers\gaacorgv.sys
2012-04-13 12:46 . 2012-04-13 12:46	--------	d-----w-	c:\users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2012-04-13 12:45 . 2012-04-13 12:46	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-04-13 12:45 . 2012-04-13 12:45	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-04-13 12:06 . 2011-12-16 16:21	29016	----a-w-	c:\windows\system32\SmartDefragBootTime.exe
2012-04-13 12:06 . 2010-11-26 17:02	15672	----a-w-	c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 08:50 . 2012-04-13 12:07	--------	d-----w-	c:\programdata\IObit
2012-04-13 08:49 . 2012-04-13 21:26	--------	d-----w-	c:\users\Jennifer\AppData\Roaming\IObit
2012-04-13 08:49 . 2012-04-13 22:41	--------	d-----w-	c:\program files\IObit
2012-04-03 08:54 . 2012-03-06 23:03	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-04-03 08:51 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-04-03 08:50 . 2012-04-03 08:50	--------	d-----w-	c:\program files\AVAST Software
2012-04-03 08:50 . 2012-04-03 08:50	--------	d-----w-	c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 14:56 . 2011-03-28 19:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2009-08-12 18:47	201352	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2009-08-12 18:47	337880	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-08-12 18:47	35672	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-08-12 18:47	53848	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-08-12 18:47	57688	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2009-08-12 18:47	20696	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-15 19:17 . 2011-03-28 19:34	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-09-04 18:57 . 2010-09-04 18:57	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	123536	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 68856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"eRecoveryService"="" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"UIExec"="c:\program files\T-Mobile Mobile Broadband Manager\UIExec.exe" [2009-07-16 132608]
"Skytel"="Skytel.exe" [2008-06-27 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
.
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
autobahn.lnk - c:\users\Jennifer\AppData\Local\Autobahn\autobahn.exe [2009-4-2 710360]
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-4-1 142848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 23:32]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: motive.com\pbttbc.bt
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\gctjlzt8.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe
AddRemove-TomTom HOME - c:\program files\TomTom HOME 2\Uninstall TomTom HOME.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
AddRemove-Vuze - c:\program files\Vuze\uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953} - c:\program files\eMachines GameZone\Turbo Pizza\Uninstall.exe
AddRemove-{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3} - c:\program files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 17:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-15 17:51:19
ComboFix-quarantined-files.txt 2012-04-15 16:51
ComboFix2.txt 2012-04-13 23:48
.
Pre-Run: 75,488,202,752 bytes free
Post-Run: 75,459,670,016 bytes free
.
- - End Of File - - 2D7C5DD5270A131CD3F88EFFB7230F1D


----------



## jen13007 (Apr 12, 2012)

I missed the F8 point at the reboot, it blue screened again, but I got in as far as my desktop (although it took longer than usual). Still no minidump file showing in C:\Windows\Minidump


----------



## Cookiegal (Aug 27, 2003)

Please run SystemLook again with this script:


```
::regfind
NtWqIVLZEWZU
XML
```


----------



## jen13007 (Apr 12, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 20:06 on 15/04/2012 by Jennifer
Administrator - Elevation successful

No Context: NtWqIVLZEWZU

No Context: XML

-= EOF =-

Sorry for the delay, needed to take my boyfriend back to work. It's a 2 hour round trip and gets longer every time.


----------



## Cookiegal (Aug 27, 2003)

Sorry, my mistake. Please do the above again with this corrected script:


```
:regfind
NtWqIVLZEWZU
XML
```


----------



## jen13007 (Apr 12, 2012)

It doesn't seem to want to let me post this, so I've attached it instead.


----------



## Cookiegal (Aug 27, 2003)

It's because of the size. I knew it would be a bit large because of the broad search term "XML".

It looks like either ComboFix didn't remove those two entries in the registry or they returned. MalwareBytes should get them. If you already have it installed then just update it and run it.

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## jen13007 (Apr 12, 2012)

Found nothing :/

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.06

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18975
Jennifer :: JENNIFER-PC [administrator]

15/04/2012 21:40:58
mbam-log-2012-04-15 (21-40-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188561
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## jen13007 (Apr 12, 2012)

Hi cookie gal, I'm off to my bed. Back to the grind tomorrow after a two week holiday. (Body clock is not going to like waking up at 6 am again!) I won't be back on my laptop until around 3pm my time.


----------



## jen13007 (Apr 12, 2012)

Apparently I'm not actually back until tomorrow. Surprise day off for me!
Any further with the previous log?


----------



## Cookiegal (Aug 27, 2003)

That's always nice to get a surprise day off. 

The two malicious entries that I saw in the registry and tried to remove with ComboFix are still there, so we'll do this differently. I'm attaching a Fixjen.zip file. Save it to your desktop. Unzip it and double-click the Fixjen.reg file and allow it to merge into the registry.

Then reboot the machine and let me know if there's any improvement please.


----------



## jen13007 (Apr 12, 2012)

No improvement.


----------



## Cookiegal (Aug 27, 2003)

Please do another search with SystemLook (this will be a short one that you can copy and paste) so I can see if they were removed.

```
:regfind
NtWqIVLZEWZU
```


----------



## jen13007 (Apr 12, 2012)

Quick silly question. The sticker underneath my laptop which holds the code which I'd need to reformat has rubbed off as I said earlier, but when I right click computer/properties, there is a heading called 'Windows Activation' with a product ID in it. Would this be the same number as on that sticker?

Hope you know what I mean, sometimes I think I'm pants at explaining things.

Why anyone would put a sticker on the underneath side of a laptop, I don't know. Heh.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:46 on 16/04/2012 by Jennifer
Administrator - Elevation successful

========== regfind ==========

Searching for "NtWqIVLZEWZU"
[HKEY_USERS\.DEFAULT\Software\NtWqIVLZEWZU]
[HKEY_USERS\S-1-5-18\Software\NtWqIVLZEWZU]

-= EOF =-


----------



## jen13007 (Apr 12, 2012)

Huzzah. Used a programme called Magical Jelly Bean Keyfinder, which I found via noseying at the forums. Got my keys for both my product and CD. Alas, I don't have/don't know where that CD is.


----------



## Cookiegal (Aug 27, 2003)

Are you sure the registry fix was merged into the registry correctly? Do you know your way around the registry at all?


----------



## jen13007 (Apr 12, 2012)

I know nothing about registry at all, I couldn't even tell you what it's for without googling it. (As I said in my first post I'm quite useless when it comes to technicalities of computers/laptops) 

I extracted and right clicked merge. It came up a warning about how adding something to the registry could mess up and to click if I wanted to continue. (Which I done.)


----------



## Cookiegal (Aug 27, 2003)

I just want you to take a look without actually changing anything.

Click on Start and then type the following into the Search box:

regedit

This should open the registry editor.

Then I want you to click on the + that you see to the left of each of the following keys in the left-hand pane to expand them:

HKEY_USERS
.DEFAULT
Software

Under Software scroll down the list and let me know if you see a folder with this name:

NtWqIVLZEWZU

Please do the same for this key:

HKEY_USERS
S-1-5-18
Software

Then report back your findings.


----------



## jen13007 (Apr 12, 2012)

Nope, however there are folders with the following key names:

HKEY_USERS\.DEFAULT\Software\KCSCPW1HKH
HKEY_USERS\.DEFAULT\Software\KUGHGZXAKT
HKEY_USERS\.DEFAULT\Software\VGZSGBQ

HKEY_USERS\S-1-5-18\Software\KCSCPW1HKH
HKEY_USERS\S-1-5-18\Software\KUGHGZXAKT
HKEY_USERS\S-1-5-18\Software\VGZSGBQ

Not sure if they're helpful to you?

Edit.
*VGZSGBQ* falls under a branch called 'Policies'
*KUGHGZXAKT* and *KCSCPW1HKH* fall under a branch called 'Javasoft'


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* and copy and paste the following then click OK:


```
regedit /e C:\look.txt "HKEY_USERS\S-1-5-18\Software\JavaSoft"
```
You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.

Also do the same for this one please. This report will be called C:\look2.txt.


```
regedit /e C:\look2.txt "HKEY_USERS\S-1-5-18\Software\KCSCPW1HKH"
```


----------



## jen13007 (Apr 12, 2012)

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-18\Software\JavaSoft]

[HKEY_USERS\S-1-5-18\Software\JavaSoft\Java Runtime Environment]

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-18\Software\KCSCPW1HKH]
"CsuD"=dword:00000005
"Csu3"=dword:01cbee56
"CsuE"=dword:d768d140
"Cxe2"="bP+v5ZhHEQtR"
"CsuK"=dword:00000147
"Csu2"=dword:000018eb
"CsuE3"=dword:0000021c
"Cxe9"="Q/Gk+50FE0sIlQpHNl54SUPklCmWkoy/ffW/R6s+Au/KzHTCebN7UJIqirDsgckR4nJUO172SWoEuV6hJJNjNiMtGpNNuDas1EGbhQr85QNrut1MUASUncSmoydc5q5QS1mUEZJprDEJSnlf0+//mH2kHj/3DQWX2/u2zgOL2BgcDuIX1e/9PUwxLYznk5YbhzE+JohkYZS7GBRe2tXCaV3gKfhoiQ8kKQ+xUhXbLqRapjcOx0NDBUzEIOZeqCBN"
"Cxe4"="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"
"Cxe3"="Mv2x/JcAFVoxsTNba097BEPqkzTJ3Ibqf5iba4d5XbXH1WGlMuN3S5EpkNGXyZBLtToAAF76A2wFoF7wbsQ9OBQRKJlZ7ReMqQ+gtxan2Sof6vFzdhmE3JqqtmAOvf4DH0r4YfZr0RUvHjpLye6hzSP4Q2GkDSi94vSQ5jbOxUZEUO0IlqypOGF0d8Xtn50xhyBl"
"CxeE"="Muq/9YJXf241h08Vch1nS0Dx3WKbkMukKt2FaYZqCOPPwHareKlrT992hYrd0oZapzFaDEPyAj4drAfwJNMwZlhWLdcapmjqnj7fzEby2ylM7qMibUqEk4Pt/3ADoKRJXUb4aq49mw1hRWUFibGmzTi4RGu6DHql7q2QrCHDmwoDVaNL3dPPD1ALOYaugJwkmnp5CokoL4a9BRxEgNnOblTiWPZ6lBx7SkmlQjzTLqZE7SlDmBVMGnXgArde6AsUQ4nmjIEGQ37eDQZRrubf7Rmkh1/JPRe0IepdVkV0BogEtKjh/mxKvAWWe7OgHXVsp0cI1mhfOyNTPURdKey7xClZ11OMayCjUFFQns6q4yTmBAQRriKHWCj7l1ypnijnZK8wiff+bEwfa9zE5T29soibsLunDnyPhl0JuOoiECFO2vbW/Cqeof8CvaM="
"Csu9"=dword:00000005
"CsuQ"=dword:00000e10


----------



## Cookiegal (Aug 27, 2003)

We need to remove all of those. I'm attaching a Fixjen2.zip file to this post. Save it to your desktop. Unzip it (extract the file) then right-click the Fixjen2.reg file and select "Run as Administrator" and allow it to merge into the registry.

Then reboot the machine.

Then please remove the version of ComboFix that you currently have and grab the latest version then run a new scan and post that log.

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.
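
Added example, not part of any poster's message or of any tool named in the thread: a Python triage pass over a `regedit /e` export like the one posted earlier, listing keys whose string values are long base64 that decodes to binary. The key paths and the value names `CsuD`/`Cxe9` come from the thread; the function names, the thresholds, the `Note` value and all sample value data are assumptions constructed for illustration.

```python
import base64
import re

# Constructed sample data (not the values posted in the thread): 96 bytes of
# binary, base64-encoded to 128 characters.
CONSTRUCTED_BLOB = base64.b64encode(
    bytes((i * 73 + 41) % 256 for i in range(96))).decode("ascii")

# Constructed export. Key paths and the value names CsuD/Cxe9 follow the
# thread; "Note" and the string data are made up.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_USERS\\S-1-5-18\\Software\\JavaSoft]\r\n\r\n"
    "[HKEY_USERS\\S-1-5-18\\Software\\JavaSoft\\Java Runtime Environment]\r\n\r\n"
    "[HKEY_USERS\\S-1-5-18\\Software\\KCSCPW1HKH]\r\n"
    '"CsuD"=dword:00000005\r\n'
    '"Cxe9"="' + CONSTRUCTED_BLOB + '"\r\n'
    '"Note"="C:\\\\Program Files\\\\Example"\r\n'
)
# "Version 5.00" exports are written as UTF-16LE with a byte-order mark.
SAMPLE_UTF16 = b"\xff\xfe" + SAMPLE_EXPORT.encode("utf-16-le")

VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<rhs>.*)$')
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def decode_export(raw):
    """Decode export bytes: UTF-16LE when the BOM is present, else UTF-8."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("utf-8-sig", errors="replace")


def unescape(text):
    """Undo .reg escaping (\\\\ for a backslash, \\" for a quote)."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Return {key_path: {value_name: (kind, data)}} for an export."""
    keys, current = {}, None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if current is None or not match:
            continue  # header, blank line, or hex continuation line
        name = match.group("name")
        name = "@" if name is None else unescape(name)
        rhs = match.group("rhs")
        if re.fullmatch(r"dword:[0-9a-fA-F]{8}", rhs):
            current[name] = ("dword", int(rhs[6:], 16))
        elif len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
            current[name] = ("sz", unescape(rhs[1:-1]))
        else:
            current[name] = ("other", rhs)
    return keys


def looks_like_encoded_blob(value, min_len=40, max_printable=0.8):
    """True for a long, valid base64 string that decodes to mostly binary."""
    if len(value) < min_len or len(value) % 4 or not B64_RE.match(value):
        return False
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError:
        return False
    printable = sum(32 <= byte < 127 for byte in decoded)
    return printable / len(decoded) < max_printable


def triage(raw):
    """Map each key path to the string values that hold encoded blobs."""
    flagged = {}
    for path, values in parse_reg(decode_export(raw)).items():
        hits = [name for name, (kind, data) in values.items()
                if kind == "sz" and looks_like_encoded_blob(data)]
        if hits:
            flagged[path] = hits
    return flagged


if __name__ == "__main__":
    for path, names in triage(SAMPLE_UTF16).items():
        print(path, "->", ", ".join(names))
```

A flagged key is a lead for review, not a verdict: some legitimate software also stores encoded binary in string values.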


----------



## jen13007 (Apr 12, 2012)

There doesn't seem to be an attachment for the fix..


----------



## Cookiegal (Aug 27, 2003)

Whoops sorry. Here it is.


----------



## jen13007 (Apr 12, 2012)

ComboFix 12-04-18.02 - Jennifer 18/04/2012 20:18:52.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.953.592 [GMT 1:00]
Running from: c:\users\Jennifer\Desktop\Puppy.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 19:29 . 2012-04-18 19:29 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2012-04-18 19:29 . 2012-04-18 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 20:39 . 2012-04-16 20:39 -------- d-----w- c:\program files\Magical Jelly Bean
2012-04-16 11:47 . 2012-04-16 11:51 -------- d-----r- c:\users\Jennifer\Dropbox
2012-04-16 11:45 . 2012-04-16 13:57 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Dropbox
2012-04-15 14:53 . 2012-04-15 14:53 -------- d-----w- c:\users\Jennifer\AppData\Roaming\TeamViewer
2012-04-15 10:33 . 2012-04-15 10:33 -------- d-----w- C:\_OTS
2012-04-14 00:07 . 2012-04-14 00:07 -------- d-----w- c:\users\Jennifer\AppData\Local\BVRP Software
2012-04-13 22:19 . 2012-03-12 13:27 143360 ----a-w- c:\program files\Mozilla Firefox\BabyFox.dll
2012-04-13 22:19 . 2012-04-13 22:19 -------- d-----w- c:\program files\Babylon
2012-04-13 12:57 . 2012-04-13 12:57 54016 ----a-w- c:\windows\system32\drivers\gaacorgv.sys
2012-04-13 12:46 . 2012-04-13 12:46 -------- d-----w- c:\users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2012-04-13 12:45 . 2012-04-13 12:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-13 12:45 . 2012-04-13 12:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-13 12:06 . 2011-12-16 16:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-13 12:06 . 2010-11-26 17:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 08:50 . 2012-04-13 12:07 -------- d-----w- c:\programdata\IObit
2012-04-13 08:49 . 2012-04-13 21:26 -------- d-----w- c:\users\Jennifer\AppData\Roaming\IObit
2012-04-13 08:49 . 2012-04-13 22:41 -------- d-----w- c:\program files\IObit
2012-04-03 08:54 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-03 08:51 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-03 08:50 . 2012-04-03 08:50 -------- d-----w- c:\program files\AVAST Software
2012-04-03 08:50 . 2012-04-03 08:50 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 14:56 . 2011-03-28 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2009-08-12 18:47 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2009-08-12 18:47 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-08-12 18:47 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-08-12 18:47 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-08-12 18:47 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2009-08-12 18:47 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-15 19:17 . 2011-03-28 19:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-09-04 18:57 . 2010-09-04 18:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
c:\program files\uTorrentControl2\prxtbuTor.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 68856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"eRecoveryService"="" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"UIExec"="c:\program files\T-Mobile Mobile Broadband Manager\UIExec.exe" [2009-07-16 132608]
"Skytel"="Skytel.exe" [2008-06-27 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
.
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
autobahn.lnk - c:\users\Jennifer\AppData\Local\Autobahn\autobahn.exe [2009-4-2 710360]
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-4-1 142848]
Dropbox.lnk - c:\users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 23:32]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: motive.com\pbttbc.bt
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\gctjlzt8.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-18 20:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-723304681-3238774952-3090272877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-18 20:35:51
ComboFix-quarantined-files.txt 2012-04-18 19:35
ComboFix2.txt 2012-04-15 16:51
ComboFix3.txt 2012-04-13 23:48
.
Pre-Run: 74,811,445,248 bytes free
Post-Run: 74,791,264,256 bytes free
.
- - End Of File - - 4D2A57C438E2572C1BF992D537043F86


----------



## jen13007 (Apr 12, 2012)

I had a pop up during this scan saying PEV.exe has stopped working. Then the windows solution finder popped up and tried to fix it, it didn't and I *think* it asked me to close PEV.exe


----------



## Cookiegal (Aug 27, 2003)

Which anti-virus do you want to use, Norton 360 or Avast? Because I see components for both and you really should uninstall one or the other.

How is the machine running now?


----------



## jen13007 (Apr 12, 2012)

Avast, I've previously tried uninstalling Norton. (Not used it for 2/3 years) but it doesn't come up in my programmes/features file in Control Panel, or under the start menu. I'll do a re-boot and let you know.


----------



## Cookiegal (Aug 27, 2003)

Try the Norton removal tool (note the warnings if you have ACT! or WinFAX installed):

https://www-secure.symantec.com/nor...10133834EN&product=home&version=1&pvid=f-home

Let me know how that goes.


----------



## jen13007 (Apr 12, 2012)

Yeah, the bluescreen is still there.  
Starting to think it might be hopeless.


----------



## jen13007 (Apr 12, 2012)

That's Norton removed (I believe). I guess I'd need to run a scan to make sure?


----------



## blues_harp28 (Jan 9, 2005)

jen13007 said:


> Yeah, the bluescreen is still there.
> Starting to think it might be hopeless.


I have been watching all the hard work done by Cookiegal.
Once your PC has been cleaned of Malware etc - we may be able to deal with the blue screen.
But I am not sure reading all your posts, if the Malware was stopping you saving the minidump files.


----------



## Cookiegal (Aug 27, 2003)

Would you check those registry keys again and see if you spot any more of the same (or new) oddly named keys under Software?


----------



## jen13007 (Apr 12, 2012)

HKEY_USERS\.DEFAULT\Software\NtWqIVLZEWZU - That's a new one under branch 'Motive'
HKEY_USERS\.DEFAULT\Software\KCSCPW1HKH 
HKEY_USERS\.DEFAULT\Software\KUGHGZXAKT - Both of those are still under Javasoft

HKEY_USERS\.DEFAULT\Software\VGZSGBQ - Under policies

Exactly same ones under HKEY_USERS\S-1-5-18 in same places.



blues_harp28 said:


> I have been watching all the hard work done by Cookiegal.
> Once your PC has been cleaned of Malware etc - we may be able to deal with the blue screen.
> But I am not sure reading all your posts, if the Malware was stopping you saving the minidump files.


Ah, so the malware could not be causing the bluescreen then. I know I did a memory test and all was fine there, as far as I could tell. She's really been amazing, in fact this whole forum is a blessing to us technophobes...


----------



## Cookiegal (Aug 27, 2003)

That one is not new. It's the original one. I don't think you're running the registry fixes as Administrator so they're not working.


----------



## jen13007 (Apr 12, 2012)

I am right-clicking and clicking merge. There is no option to run as Admin, but I am logged into my account which is the only one with admin privileges. (There's only this account and guest on the laptop)


----------



## jen13007 (Apr 12, 2012)

I took my password protection off there (in case that was what was causing it) and re-ran the second edit you gave me. Only key that is showing now is HKEY_USERS\.DEFAULT\Software\NtWqIVLZEWZU

The ones under Javasoft and policies are gone.


----------



## Cookiegal (Aug 27, 2003)

OK, something was blocking it. I don't know what password protection you're referring to but that was what was preventing them from working.

Now, please run the previous fix I had you download (post no. 65 - fixjen.reg) and that should take care of the remaining one. Then reboot and let me know if you still get the blue screen and if there are any new (or old) odd entries there under Software.


----------



## jen13007 (Apr 12, 2012)

Ran both the edits, checked and it had removed them. Rebooted and then they were back. Still the same registry entries, in the same places.
Still having the blue screen too.


----------



## Cookiegal (Aug 27, 2003)

Download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## jen13007 (Apr 12, 2012)

I've not yet done the above, but have a slight problem in that I'm not able to save any Word documents. This is quite a problem as I have college work that I need to upload tonight, and as I'm not able to save it I don't quite know how to get round it.


----------



## jen13007 (Apr 12, 2012)

OTL logfile created on: 19/04/2012 22:15:07 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

953.27 Mb Total Physical Memory | 603.29 Mb Available Physical Memory | 63.29% Memory free
1.13 Gb Paging File | 0.91 Gb Available in Paging File | 80.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 69.57 Gb Free Space | 50.03% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 22:14:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/16 15:43:04 | 000,241,664 | ---- | M] () [Auto | Stopped] -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/06/11 19:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 00:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/08 12:02:31 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/07/08 12:00:33 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/07/08 12:00:33 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/06/23 10:23:46 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/22 10:08:38 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/05/22 10:08:38 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/22 10:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/05/22 10:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/05/22 10:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/05/22 10:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/09/04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 07:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/06/11 19:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/06/10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/05/19 12:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/02/18 15:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2006/11/02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {1081889E-8B6A-4FE3-AB43-54E1DF8DF8EE}
IE - HKCU\..\SearchScopes\{015875BF-82D2-4FE0-98F4-03E67A81FF81}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1081889E-8B6A-4FE3-AB43-54E1DF8DF8EE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{64AE2640-6B31-4475-9014-B11A60F61A1F}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{66018C9B-9E25-4F83-A4FC-2426D8129E40}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKCU\..\SearchScopes\{69A0663B-41EB-480C-94AD-DF4C968CD762}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Pz4tWQkg3xXS9eVQbHmESbZIMbI?q={searchTerms}
IE - HKCU\..\SearchScopes\{9EF1B7CF-7B8F-4CC5-BDF4-E27470389E83}: "URL" = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\..\SearchScopes\{AFE686BF-F192-47B3-8692-C2D04122CC73}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{C7AC9F90-4608-41A8-AB16-AE2739D4125E}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile Mobile Broadband Manager\addon [2011/02/06 22:14:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/03 09:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/15 20:17:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/19 19:24:20 | 000,000,000 | ---D | M]

[2011/10/09 17:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions
[2011/10/09 17:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/02/21 15:53:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions\moz[email protected]
[2012/04/14 00:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\gctjlzt8.default\extensions
[2012/01/22 22:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/22 22:23:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/03 09:51:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\EXTENSIONS\{DA8BD68D-8E90-41CD-8345-A71B294E72E6}.XPI
[2012/03/15 20:17:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/17 00:01:47 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/17 00:01:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 00:01:47 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/17 00:01:47 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/17 00:01:47 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: Gmail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/14 00:40:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk = C:\Users\Jennifer\AppData\Local\Autobahn\autobahn.exe ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82712210-6590-4A59-B481-21504CF4421B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 22:14:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2012/04/19 19:00:49 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Fixjen(1)
[2012/04/18 20:35:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/18 20:35:52 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\temp
[2012/04/18 20:31:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/18 20:14:41 | 004,467,856 | R--- | C] (Swearware) -- C:\Users\Jennifer\Desktop\Puppy.exe
[2012/04/18 19:58:08 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Fixjen2
[2012/04/16 21:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2012/04/16 21:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2012/04/16 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Fixjen
[2012/04/16 12:47:17 | 000,000,000 | R--D | C] -- C:\Users\Jennifer\Dropbox
[2012/04/16 12:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/04/16 12:45:09 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2012/04/15 15:53:36 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\TeamViewer
[2012/04/15 12:33:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder
[2012/04/15 11:33:13 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/04/15 00:51:19 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTS.exe
[2012/04/14 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\tdsskiller
[2012/04/14 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\BVRP Software
[2012/04/13 23:43:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/13 23:43:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/13 23:43:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/13 23:42:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/13 23:42:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 23:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012/04/13 13:46:20 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/13 13:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/13 13:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/13 13:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/13 13:06:13 | 000,029,016 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2012/04/13 09:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/04/13 09:49:11 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\IObit
[2012/04/13 09:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/04/03 09:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/03 09:54:19 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/04/03 09:51:19 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/04/03 09:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/03 09:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

========== Files - Modified Within 30 Days ==========

[2012/04/19 22:14:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2012/04/19 21:09:00 | 000,001,356 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2012/04/19 20:52:01 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/19 20:52:01 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/19 19:23:52 | 000,007,412 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2012/04/19 19:04:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/19 19:04:05 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2012/04/19 19:00:37 | 000,000,216 | ---- | M] () -- C:\Users\Jennifer\Desktop\Fixjen(1).zip
[2012/04/19 18:55:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/18 23:37:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/04/18 20:14:57 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\Jennifer\Desktop\Puppy.exe
[2012/04/18 19:57:46 | 000,000,246 | ---- | M] () -- C:\Users\Jennifer\Desktop\Fixjen2.zip
[2012/04/18 18:42:35 | 000,422,400 | ---- | M] () -- C:\Users\Jennifer\Desktop\.ac.uk_212_moddata_turnitintool_90_5392_161_1322165679_5392.wps
[2012/04/16 17:15:08 | 000,000,216 | ---- | M] () -- C:\Users\Jennifer\Desktop\Fixjen.zip
[2012/04/16 12:47:17 | 000,000,946 | ---- | M] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk
[2012/04/16 12:46:01 | 000,000,926 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/15 17:02:55 | 000,139,264 | ---- | M] () -- C:\Users\Jennifer\Desktop\SystemLook.exe
[2012/04/15 00:51:21 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTS.exe
[2012/04/14 20:24:04 | 002,052,353 | ---- | M] () -- C:\Users\Jennifer\Desktop\tdsskiller.zip
[2012/04/14 08:22:25 | 000,000,512 | ---- | M] () -- C:\Users\Jennifer\Desktop\MBR.dat
[2012/04/14 00:40:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/13 13:57:15 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\gaacorgv.sys
[2012/04/13 13:45:40 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/12 00:35:21 | 000,100,352 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 14:28:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 14:28:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 00:49:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/03 09:54:24 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/03 09:54:18 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/02 21:13:25 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/04/19 19:00:35 | 000,000,216 | ---- | C] () -- C:\Users\Jennifer\Desktop\Fixjen(1).zip
[2012/04/18 19:57:45 | 000,000,246 | ---- | C] () -- C:\Users\Jennifer\Desktop\Fixjen2.zip
[2012/04/18 18:42:34 | 000,422,400 | ---- | C] () -- C:\Users\Jennifer\Desktop\.ac.uk_212_moddata_turnitintool_90_5392_161_1322165679_5392.wps
[2012/04/16 17:15:06 | 000,000,216 | ---- | C] () -- C:\Users\Jennifer\Desktop\Fixjen.zip
[2012/04/16 13:07:18 | 486,023,290 | ---- | C] () -- C:\Users\Jennifer\Desktop\SAM_0079.AVI
[2012/04/16 12:47:17 | 000,000,946 | ---- | C] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk
[2012/04/16 12:46:01 | 000,000,926 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/15 17:18:02 | 000,139,264 | ---- | C] () -- C:\Users\Jennifer\Desktop\SystemLook.exe
[2012/04/14 20:24:03 | 002,052,353 | ---- | C] () -- C:\Users\Jennifer\Desktop\tdsskiller.zip
[2012/04/14 08:22:25 | 000,000,512 | ---- | C] () -- C:\Users\Jennifer\Desktop\MBR.dat
[2012/04/13 23:43:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/13 23:43:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/13 23:43:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/13 23:43:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/13 13:57:15 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\gaacorgv.sys
[2012/04/13 13:45:40 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/13 13:06:13 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/04/11 14:29:30 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2012/04/03 09:54:24 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/02 21:13:25 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/11/28 21:02:59 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/11/28 21:02:59 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/29 04:15:27 | 000,000,280 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/28 12:35:21 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/11/09 21:52:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ccff.isl

========== LOP Check ==========

[2009/06/10 15:56:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\ACD Systems
[2011/06/05 21:36:37 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Azureus
[2010/05/13 22:03:28 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/08 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Bytemobile
[2012/04/16 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2009/02/25 18:58:42 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\FloodLightGames
[2009/09/23 15:28:42 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\GetRightToGo
[2009/11/19 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HCM Updater
[2011/08/29 16:13:43 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HTC
[2011/08/29 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009/02/08 23:10:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\InterVideo
[2012/04/13 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\IObit
[2010/02/06 11:42:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LG Electronics
[2010/07/08 19:50:42 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LimeWire
[2010/11/22 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Ogino
[2009/02/12 23:35:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PeerNetworking
[2009/11/22 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Program Files
[2011/08/08 21:48:31 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Spotify
[2010/11/22 11:54:36 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Tano
[2012/04/15 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TeamViewer
[2009/10/19 12:37:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2011/10/09 17:58:49 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TomTom
[2009/10/19 19:51:11 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2012/04/12 13:04:09 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 19/04/2012 22:15:07 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

953.27 Mb Total Physical Memory | 603.29 Mb Available Physical Memory | 63.29% Memory free
1.13 Gb Paging File | 0.91 Gb Available in Paging File | 80.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 69.57 Gb Free Space | 50.03% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BD8407B-C3EB-49E6-9CD3-A9E1A1231FB2}" = lport=2869 | protocol=6 | dir=in | name=upnp framework | 
"{28B7F132-8F4D-4C89-B4DE-FD91DEE87A0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6043A7E2-DAED-4020-BEDC-77038106CBAD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{61168532-C98D-4A42-BF6F-485A2BA37C3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8E268AA5-5B2A-4205-BD0A-8FB35FD3172F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{A2B1AAF5-4535-44FD-B227-DA1E14F67639}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A56D4CCE-C8EB-4238-95F8-786529CD1CE2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B1D4296B-88B9-4157-A5B1-3992304A9F0E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BBB4CCE4-845A-42D5-AEEF-DF4E3FF05C0D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C391A72E-F2DF-469A-9A49-7529D2B1A3EE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA0EB426-4638-41A4-8539-F9A02C1C4321}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F3E28745-C9DF-40AC-B0A5-1AC9CF978249}" = lport=1900 | protocol=17 | dir=in | name=upnp framework | 
"{F645FCF1-B42B-4A3D-934D-4DC44D8C7B36}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FDDFC5E4-9B39-4C06-A907-B57F20088B44}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C6A08F-AA6B-4A1D-8E61-0BF64034B108}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{09599DEC-5087-4B59-8E74-057BFCA6C69F}" = protocol=1 | dir=out | [email protected],-28544 | 
"{0B9267FA-C809-4B30-96F5-DC69F8A3FC45}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{0CA5CE88-50E7-41D6-8E45-457DC7BBB5DF}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{1B525299-6C13-498E-88F5-5C41EF37CFF7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{22A812B8-64EE-497A-AB30-C1F71C65B097}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{23346BDA-B9B3-44D0-98F7-A475D6C6027A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{2987531F-9D6D-41A3-95B0-2E35F395544F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{2EF8DE57-42C7-46E9-AD89-04D7A7FA0643}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{3E51727D-21BF-4AC7-98F6-75EFA16B68EF}" = protocol=58 | dir=out | [email protected],-28546 | 
"{44CF939B-82A9-494F-BEC3-C5C334E819B1}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{551684DC-9CEA-4FAA-85F5-FEAED1648044}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{61DC51D0-0D6F-413A-8143-970CB4E8CE2D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{6A397687-2665-464D-B760-8BDE337E6ECA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{6BC4515B-2CF3-42F7-A2D5-401F56C5635F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7051B9F5-88FF-4B01-8F41-B5A2EEACAB56}" = protocol=1 | dir=in | [email protected],-28543 | 
"{734C1669-DEB6-4730-BC58-5BBE549E9E7F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{790E60C1-4E2E-4244-9351-8365D4C7C9BD}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{7E181F8E-82D5-41CD-87EA-05C60341AC51}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{7FA55B34-225C-4C2C-B6C9-C04000192D7C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8DE8B161-5573-4F55-8F07-591875B8704B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97E30180-E8BD-49D4-B3F2-38B881E01E40}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{9E809374-4740-4A39-8E3B-397AD4AC2B16}" = protocol=58 | dir=in | [email protected],-28545 | 
"{A3CCEC3A-4EF5-4E5B-91E6-3A4E7AEC6A01}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{B4F82A21-B9D3-46E1-A1F6-4F959F354A34}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{B6DDFC1D-F18C-4CCE-8831-A863930FCCCF}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{B71F2D8E-0437-4041-9643-C1BF931C8CDF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B79F621B-B7A0-42D0-8827-B6D87B3B6299}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{B9F79452-BE64-4E4D-8FB9-B1EDCA0EC2F6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{BC020F98-B9B4-46FA-9552-02D7560F10F8}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{BCE50360-9497-4DEA-9805-09613A7E9771}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C32BB99D-7AE4-4150-942F-F069049D5567}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{D2A2AD63-7E10-4B3E-B971-C154D87E49C8}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{D3907671-8733-4944-8593-26CA4E0CECC7}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{DC6AEA59-EC65-4364-BF38-2CDC16E95A08}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{E1D937C8-0C48-4302-91EB-F4E62E240F90}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{E2665CBC-ED01-4973-BCD5-1506619E2A9D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{E706EDA5-A01E-4A87-BA81-C09C124D5A5A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E8A71CFC-2C19-4F62-8322-2D649C86D85E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F0C1C4D7-D0E2-42C9-8F49-D0BD341C9CA4}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{FAFEE985-106A-487F-BED9-E31B7411A909}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{FD1ED7EB-0B13-4DFF-AB25-C15516915EF4}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{FE617BED-3914-4591-AAE4-3BBF9B056140}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{1045364D-CDD8-466C-AB5D-DF5EEED71FA4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3D2AEDC4-48E9-4EEB-94A2-A247253ECCE8}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{60A26C32-64F7-4AD8-9C7C-75A7CFC02AED}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{8121FBF6-F3D7-4ABD-83CE-E6DA9A847E7F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{B1DE6EDA-2F45-4D30-A456-FEE2F01D5E79}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{D9B0CFCF-7BF7-4370-8565-9882C1F556FC}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | 
"TCP Query User{F6419624-07F1-46C4-A7B1-98811F7666D9}C:\users\jennifer\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\utorrent.exe | 
"UDP Query User{06C2B1A5-F058-4835-9640-6CD80459106A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{32D28D01-B05D-46CC-8D13-01B166F231A7}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | 
"UDP Query User{55EE2AB3-48E1-43D0-B0EB-CECD4EE826BB}C:\users\jennifer\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\utorrent.exe | 
"UDP Query User{64527D55-0C2B-4525-9DE1-71DD82693495}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E4460805-F2B6-4DFC-A1C7-7091EE4A7BE7}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{EE55ECF5-1299-452A-A302-92D25EA97BEE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{FDAB1767-678A-4831-9753-169B0F0F9AE2}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{39EEEA22-34DE-46E2-8F17-A88948B635EE}" = Samsung USB Driver
"{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Mobile Broadband Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8A3310A-F808-A454-253E-1F1860EB8E6A}" = TweetDeck
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.173
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Graboid Video" = Graboid Video 1.5
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"LimeWire" = LimeWire 5.2.13
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"Spotify" = Spotify
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"Update Service" = Update Service
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Vuze" = Vuze
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Unfortunately, I think at this point the best thing to do would be to back up everything important to an external hard drive and reformat and reload Windows.


----------



## jen13007 (Apr 12, 2012)

Bleh. I was hoping it didn't have to come to that.
Seeing as I don't have a Vista disc, is there any way I can download it and use the key which is registered with my computer which I found via the 'magical jelly bean key finder' programme?

Or would downloading it be fraud?

Same thing applies to my Microsoft Office key. Could I re-enter this key?


----------



## Cookiegal (Aug 27, 2003)

No, downloads are not legal unless the key is purchased at the same time from Microsoft.

There should be a recovery partition that can be used.

But if you want to try again, I will see if there's something I missed somewhere. I just sensed you were getting fed up.

If you want to continue, please run OTL again, set the "file age" to 90 days and under Custom scan enter the following:

*Netsvcs*

Then post that log. I won't have time to check it until later on this afternoon.


----------



## jen13007 (Apr 12, 2012)

How would I access the recovery partition?
The 'Emachines Recovery management' isn't working...says 'empowering technology' isn't working.

When I boot up and go into repair mode also, it asks for a username/password. I try entering my own but it says the domain isn't correct.

Not getting fed up, however the fact I can't save my work anymore is a bit disheartening. Done 2 hours' work on a previous Word file last night, in total about 5 hours' work which wouldn't let me save. I'm currently doing my graded unit, which is the most important part of my final college year, so yeah I ever so slightly need it to work (or at least save my files!) until mid June.

OTL logfile created on: 20/04/2012 16:16:49 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

953.27 Mb Total Physical Memory | 546.11 Mb Available Physical Memory | 57.29% Memory free
1.13 Gb Paging File | 0.86 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 69.40 Gb Free Space | 49.91% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 22:14:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
PRC - [2012/03/15 20:17:13 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/15 20:17:13 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/08 21:56:53 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/16 15:43:04 | 000,241,664 | ---- | M] () [Auto | Stopped] -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/06/11 19:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 00:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/08 12:02:31 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/07/08 12:00:33 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/07/08 12:00:33 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/06/23 10:23:46 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/22 10:08:38 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/05/22 10:08:38 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/22 10:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/05/22 10:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/05/22 10:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/05/22 10:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/09/04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 07:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/06/11 19:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/06/10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/05/19 12:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/02/18 15:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2006/11/02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1008&m=e520
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {1081889E-8B6A-4FE3-AB43-54E1DF8DF8EE}
IE - HKCU\..\SearchScopes\{015875BF-82D2-4FE0-98F4-03E67A81FF81}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1081889E-8B6A-4FE3-AB43-54E1DF8DF8EE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{64AE2640-6B31-4475-9014-B11A60F61A1F}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{66018C9B-9E25-4F83-A4FC-2426D8129E40}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKCU\..\SearchScopes\{69A0663B-41EB-480C-94AD-DF4C968CD762}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Pz4tWQkg3xXS9eVQbHmESbZIMbI?q={searchTerms}
IE - HKCU\..\SearchScopes\{9EF1B7CF-7B8F-4CC5-BDF4-E27470389E83}: "URL" = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\..\SearchScopes\{AFE686BF-F192-47B3-8692-C2D04122CC73}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{C7AC9F90-4608-41A8-AB16-AE2739D4125E}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile Mobile Broadband Manager\addon [2011/02/06 22:14:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/03 09:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/15 20:17:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/19 19:24:20 | 000,000,000 | ---D | M]

[2011/10/09 17:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions
[2011/10/09 17:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/02/21 15:53:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/14 00:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\gctjlzt8.default\extensions
[2012/01/22 22:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/22 22:23:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/03 09:51:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCTJLZT8.DEFAULT\EXTENSIONS\{DA8BD68D-8E90-41CD-8345-A71B294E72E6}.XPI
[2012/03/15 20:17:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/17 00:01:47 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/17 00:01:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 00:01:47 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/17 00:01:47 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/17 00:01:47 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: Gmail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/14 00:40:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk = C:\Users\Jennifer\AppData\Local\Autobahn\autobahn.exe ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82712210-6590-4A59-B481-21504CF4421B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 15:22:36 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\OpenCandy
[2012/04/19 22:14:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2012/04/19 19:00:49 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Fixjen(1)
[2012/04/18 20:35:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/18 20:35:52 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\temp
[2012/04/18 20:31:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/18 20:14:41 | 004,467,856 | R--- | C] (Swearware) -- C:\Users\Jennifer\Desktop\Puppy.exe
[2012/04/18 19:58:08 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Fixjen2
[2012/04/16 21:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2012/04/16 21:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2012/04/16 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Fixjen
[2012/04/16 12:47:17 | 000,000,000 | R--D | C] -- C:\Users\Jennifer\Dropbox
[2012/04/16 12:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/04/16 12:45:09 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2012/04/15 15:53:36 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\TeamViewer
[2012/04/15 12:33:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\New Folder
[2012/04/15 11:33:13 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/04/15 00:51:19 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTS.exe
[2012/04/14 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\tdsskiller
[2012/04/14 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\BVRP Software
[2012/04/13 23:43:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/13 23:43:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/13 23:43:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/13 23:42:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/13 23:42:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 23:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012/04/13 13:46:20 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/13 13:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/13 13:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/13 13:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/13 13:06:13 | 000,029,016 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2012/04/13 09:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/04/13 09:49:11 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\IObit
[2012/04/13 09:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/04/03 09:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/03 09:54:19 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/04/03 09:51:19 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/04/03 09:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/03 09:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

========== Files - Modified Within 30 Days ==========

[2012/04/20 15:55:38 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/20 15:55:38 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 15:50:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 15:50:39 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2012/04/20 15:29:54 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/04/20 15:29:54 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/04/20 15:29:26 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/04/20 15:11:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/04/20 15:11:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 22:14:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2012/04/19 21:09:00 | 000,001,356 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2012/04/19 19:23:52 | 000,007,412 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2012/04/19 19:00:37 | 000,000,216 | ---- | M] () -- C:\Users\Jennifer\Desktop\Fixjen(1).zip
[2012/04/18 20:14:57 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\Jennifer\Desktop\Puppy.exe
[2012/04/18 19:57:46 | 000,000,246 | ---- | M] () -- C:\Users\Jennifer\Desktop\Fixjen2.zip
[2012/04/18 18:42:35 | 000,422,400 | ---- | M] () -- C:\Users\Jennifer\Desktop\.ac.uk_212_moddata_turnitintool_90_5392_161_1322165679_5392.wps
[2012/04/16 17:15:08 | 000,000,216 | ---- | M] () -- C:\Users\Jennifer\Desktop\Fixjen.zip
[2012/04/16 12:47:17 | 000,000,946 | ---- | M] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk
[2012/04/16 12:46:01 | 000,000,926 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/15 17:02:55 | 000,139,264 | ---- | M] () -- C:\Users\Jennifer\Desktop\SystemLook.exe
[2012/04/15 00:51:21 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTS.exe
[2012/04/14 20:24:04 | 002,052,353 | ---- | M] () -- C:\Users\Jennifer\Desktop\tdsskiller.zip
[2012/04/14 08:22:25 | 000,000,512 | ---- | M] () -- C:\Users\Jennifer\Desktop\MBR.dat
[2012/04/14 00:40:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/13 13:57:15 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\gaacorgv.sys
[2012/04/13 13:45:40 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/12 00:35:21 | 000,100,352 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 14:28:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 14:28:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 00:49:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/03 09:54:24 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/03 09:54:18 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/02 21:13:25 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/04/20 15:29:26 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/04/19 19:00:35 | 000,000,216 | ---- | C] () -- C:\Users\Jennifer\Desktop\Fixjen(1).zip
[2012/04/18 19:57:45 | 000,000,246 | ---- | C] () -- C:\Users\Jennifer\Desktop\Fixjen2.zip
[2012/04/18 18:42:34 | 000,422,400 | ---- | C] () -- C:\Users\Jennifer\Desktop\.ac.uk_212_moddata_turnitintool_90_5392_161_1322165679_5392.wps
[2012/04/16 17:15:06 | 000,000,216 | ---- | C] () -- C:\Users\Jennifer\Desktop\Fixjen.zip
[2012/04/16 13:07:18 | 486,023,290 | ---- | C] () -- C:\Users\Jennifer\Desktop\SAM_0079.AVI
[2012/04/16 12:47:17 | 000,000,946 | ---- | C] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk
[2012/04/16 12:46:01 | 000,000,926 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/15 17:18:02 | 000,139,264 | ---- | C] () -- C:\Users\Jennifer\Desktop\SystemLook.exe
[2012/04/14 20:24:03 | 002,052,353 | ---- | C] () -- C:\Users\Jennifer\Desktop\tdsskiller.zip
[2012/04/14 08:22:25 | 000,000,512 | ---- | C] () -- C:\Users\Jennifer\Desktop\MBR.dat
[2012/04/13 23:43:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/13 23:43:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/13 23:43:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/13 23:43:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/13 13:57:15 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\gaacorgv.sys
[2012/04/13 13:45:40 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/13 13:06:13 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/04/11 14:29:30 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2012/04/03 09:54:24 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/02 21:13:25 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/11/28 21:02:59 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/11/28 21:02:59 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/29 04:15:27 | 000,000,280 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/28 12:35:21 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/11/09 21:52:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ccff.isl

========== LOP Check ==========

[2009/06/10 15:56:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\ACD Systems
[2011/06/05 21:36:37 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Azureus
[2010/05/13 22:03:28 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/08 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Bytemobile
[2012/04/20 15:43:24 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2009/02/25 18:58:42 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\FloodLightGames
[2009/09/23 15:28:42 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\GetRightToGo
[2009/11/19 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HCM Updater
[2011/08/29 16:13:43 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HTC
[2011/08/29 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009/02/08 23:10:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\InterVideo
[2012/04/13 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\IObit
[2010/02/06 11:42:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LG Electronics
[2010/07/08 19:50:42 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\LimeWire
[2010/11/22 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Ogino
[2012/04/20 15:22:39 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenCandy
[2009/02/12 23:35:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PeerNetworking
[2009/11/22 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Program Files
[2011/08/08 21:48:31 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Spotify
[2010/11/22 11:54:36 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Tano
[2012/04/15 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TeamViewer
[2009/10/19 12:37:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2011/10/09 17:58:49 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TomTom
[2009/10/19 19:51:11 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2012/04/12 13:04:09 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 20/04/2012 16:16:49 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

953.27 Mb Total Physical Memory | 546.11 Mb Available Physical Memory | 57.29% Memory free
1.13 Gb Paging File | 0.86 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 69.40 Gb Free Space | 49.91% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BD8407B-C3EB-49E6-9CD3-A9E1A1231FB2}" = lport=2869 | protocol=6 | dir=in | name=upnp framework | 
"{28B7F132-8F4D-4C89-B4DE-FD91DEE87A0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6043A7E2-DAED-4020-BEDC-77038106CBAD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{61168532-C98D-4A42-BF6F-485A2BA37C3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8E268AA5-5B2A-4205-BD0A-8FB35FD3172F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{A2B1AAF5-4535-44FD-B227-DA1E14F67639}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A56D4CCE-C8EB-4238-95F8-786529CD1CE2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B1D4296B-88B9-4157-A5B1-3992304A9F0E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BBB4CCE4-845A-42D5-AEEF-DF4E3FF05C0D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C391A72E-F2DF-469A-9A49-7529D2B1A3EE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA0EB426-4638-41A4-8539-F9A02C1C4321}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F3E28745-C9DF-40AC-B0A5-1AC9CF978249}" = lport=1900 | protocol=17 | dir=in | name=upnp framework | 
"{F645FCF1-B42B-4A3D-934D-4DC44D8C7B36}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FDDFC5E4-9B39-4C06-A907-B57F20088B44}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C6A08F-AA6B-4A1D-8E61-0BF64034B108}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{09599DEC-5087-4B59-8E74-057BFCA6C69F}" = protocol=1 | dir=out | [email protected],-28544 | 
"{0B9267FA-C809-4B30-96F5-DC69F8A3FC45}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{0CA5CE88-50E7-41D6-8E45-457DC7BBB5DF}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{1B525299-6C13-498E-88F5-5C41EF37CFF7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{22A812B8-64EE-497A-AB30-C1F71C65B097}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{23346BDA-B9B3-44D0-98F7-A475D6C6027A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{2987531F-9D6D-41A3-95B0-2E35F395544F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{2EF8DE57-42C7-46E9-AD89-04D7A7FA0643}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{3E51727D-21BF-4AC7-98F6-75EFA16B68EF}" = protocol=58 | dir=out | [email protected],-28546 | 
"{44CF939B-82A9-494F-BEC3-C5C334E819B1}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{551684DC-9CEA-4FAA-85F5-FEAED1648044}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{61DC51D0-0D6F-413A-8143-970CB4E8CE2D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{6A397687-2665-464D-B760-8BDE337E6ECA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{6BC4515B-2CF3-42F7-A2D5-401F56C5635F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7051B9F5-88FF-4B01-8F41-B5A2EEACAB56}" = protocol=1 | dir=in | [email protected],-28543 | 
"{734C1669-DEB6-4730-BC58-5BBE549E9E7F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{790E60C1-4E2E-4244-9351-8365D4C7C9BD}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{7E181F8E-82D5-41CD-87EA-05C60341AC51}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{7FA55B34-225C-4C2C-B6C9-C04000192D7C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8DE8B161-5573-4F55-8F07-591875B8704B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97E30180-E8BD-49D4-B3F2-38B881E01E40}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{9E809374-4740-4A39-8E3B-397AD4AC2B16}" = protocol=58 | dir=in | [email protected]api.dll,-28545 | 
"{A3CCEC3A-4EF5-4E5B-91E6-3A4E7AEC6A01}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{B4F82A21-B9D3-46E1-A1F6-4F959F354A34}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{B6DDFC1D-F18C-4CCE-8831-A863930FCCCF}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{B71F2D8E-0437-4041-9643-C1BF931C8CDF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B79F621B-B7A0-42D0-8827-B6D87B3B6299}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{B9F79452-BE64-4E4D-8FB9-B1EDCA0EC2F6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{BC020F98-B9B4-46FA-9552-02D7560F10F8}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{BCE50360-9497-4DEA-9805-09613A7E9771}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C32BB99D-7AE4-4150-942F-F069049D5567}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{D2A2AD63-7E10-4B3E-B971-C154D87E49C8}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{D3907671-8733-4944-8593-26CA4E0CECC7}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{DC6AEA59-EC65-4364-BF38-2CDC16E95A08}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{E1D937C8-0C48-4302-91EB-F4E62E240F90}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{E2665CBC-ED01-4973-BCD5-1506619E2A9D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{E706EDA5-A01E-4A87-BA81-C09C124D5A5A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E8A71CFC-2C19-4F62-8322-2D649C86D85E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F0C1C4D7-D0E2-42C9-8F49-D0BD341C9CA4}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{FAFEE985-106A-487F-BED9-E31B7411A909}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{FD1ED7EB-0B13-4DFF-AB25-C15516915EF4}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{FE617BED-3914-4591-AAE4-3BBF9B056140}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{1045364D-CDD8-466C-AB5D-DF5EEED71FA4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3D2AEDC4-48E9-4EEB-94A2-A247253ECCE8}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{60A26C32-64F7-4AD8-9C7C-75A7CFC02AED}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{8121FBF6-F3D7-4ABD-83CE-E6DA9A847E7F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{B1DE6EDA-2F45-4D30-A456-FEE2F01D5E79}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{D9B0CFCF-7BF7-4370-8565-9882C1F556FC}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | 
"TCP Query User{F6419624-07F1-46C4-A7B1-98811F7666D9}C:\users\jennifer\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\utorrent.exe | 
"UDP Query User{06C2B1A5-F058-4835-9640-6CD80459106A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{32D28D01-B05D-46CC-8D13-01B166F231A7}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | 
"UDP Query User{55EE2AB3-48E1-43D0-B0EB-CECD4EE826BB}C:\users\jennifer\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\utorrent.exe | 
"UDP Query User{64527D55-0C2B-4525-9DE1-71DD82693495}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E4460805-F2B6-4DFC-A1C7-7091EE4A7BE7}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{EE55ECF5-1299-452A-A302-92D25EA97BEE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{FDAB1767-678A-4831-9753-169B0F0F9AE2}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{39EEEA22-34DE-46E2-8F17-A88948B635EE}" = Samsung USB Driver
"{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Mobile Broadband Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8A3310A-F808-A454-253E-1F1860EB8E6A}" = TweetDeck
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.173
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Graboid Video" = Graboid Video 1.5
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"LimeWire" = LimeWire 5.2.13
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"Spotify" = Spotify
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"Update Service" = Update Service
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Vuze" = Vuze
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


----------



## Cookiegal (Aug 27, 2003)

I don't know what happened to Word. What happens when you try to save a file?

The log was taken in Safe mode with networking. I need you to do that in normal mode please.


----------



## jen13007 (Apr 12, 2012)

In normal safe mode?

It won't let me boot to normal.


----------



## Cookiegal (Aug 27, 2003)

Right. Safe mode with networking will have to do but I do need you to change the File age to 90 days please.


----------



## Cookiegal (Aug 27, 2003)

Also, please do this for me:

Open *Notepad* and copy and paste what's in the following code box:


```
@echo off
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
notepad c:\look.txt
del c:\look.txt
del %0
```
Save this as *look.bat*, choose to save as "All Files" and place it on your Desktop. It should look like this:








Right-click the look.bat file and choose: _Run as administrator_. A Notepad log should open automatically. Copy and paste the contents of it in your next reply.


----------



## Cookiegal (Aug 27, 2003)

I have reviewed this entire thread and have a few other thoughts. First, I believe there is still a problem with the paging file as a temporary one is being created (so the system is not using the default one). This may be causing the blue screen.

Please enter the following in Start Search and be sure to run as Administrator:
*msinfo32*

It will gather system information and open up a report. In the right-hand pane under "Item" scroll down to the bottom and let me know what it says beside "Page File". It should give the name of the file and its location.


----------
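
An added example, not part of any post in this thread: a small Python check that reads OTL report text and pulls out the two pieces of evidence behind the paging-file theory above, the reported paging-file setting and any temporary paging file on disk. It assumes the temporary file is the `C:\Windows\System32\temppf.sys` entry shown in the OTL report earlier in the thread; the function names are hypothetical and the sample lines are copied from that report.

```python
import ntpath
import re
from datetime import datetime

# Lines copied from the OTL report posted earlier in this thread.
SAMPLE_LOG = r"""
Paging file location(s): ?:\pagefile.sys [binary data]
[2012/04/13 13:06:13 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/04/11 14:29:30 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2012/04/03 09:54:24 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/13 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\IObit
"""

# OTL file listing: [timestamp | size | attribute flags | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that part is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
PAGING_LINE = re.compile(
    r"^Paging file location\(s\): (?P<value>.+?)(?: \[binary data\])?$"
)


def parse_file_entries(log_text):
    """Return one dict per OTL file/folder listing line found in log_text."""
    entries = []
    for raw in log_text.splitlines():
        m = FILE_LINE.match(raw.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        entries.append({
            "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "hidden": "H" in attrs,
            "system": "S" in attrs,
            "directory": "D" in attrs,
            "path": m.group("path").strip(),
        })
    return entries


def paging_file_setting(log_text):
    """Return the value OTL printed for the paging file location, or None."""
    for raw in log_text.splitlines():
        m = PAGING_LINE.match(raw.strip())
        if m:
            return m.group("value")
    return None


def find_temp_pagefiles(entries):
    """Entries named temppf.sys directly under a Windows\\System32 folder."""
    hits = []
    for e in entries:
        path = e["path"].lower()  # Windows paths are case-insensitive
        in_system32 = ntpath.dirname(path).endswith(r"\windows\system32")
        if ntpath.basename(path) == "temppf.sys" and in_system32:
            hits.append(e)
    return hits


def assess_paging(log_text):
    """Summarise the paging-file evidence in an OTL report."""
    temp = find_temp_pagefiles(parse_file_entries(log_text))
    return {
        "configured": paging_file_setting(log_text),
        "temp_pagefile_present": bool(temp),
        "temp_pagefiles": [
            {
                "path": e["path"],
                "created": e["timestamp"],
                "size_mb": e["size"] / (1024 * 1024),
                "hidden_system": e["hidden"] and e["system"],
            }
            for e in temp
        ],
    }


if __name__ == "__main__":
    print(assess_paging(SAMPLE_LOG))
```
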



## flavallee (May 12, 2002)

After reading the comments in post #3 and seeing all the work that's been done since then without much success, I have to agree with the advice in post #97. Sometimes, a clean reinstall and getting a fresh start is the best option. 



----------



## Cookiegal (Aug 27, 2003)

Please check the paging file information again (see the link for the instructions on how to get to it):

http://www.vistax64.com/tutorials/132201-virtual-memory-paging-file-change.html

Set it to "*System Managed Size*". Then reboot the machine and go back and see if that setting held and exactly what the currently allocated space for the paging file is please.


----------

